make clear that »trustedOpenID=^.$« is absolutely required* for hybrid OpenID+OAuth authentication mode

Open cloph opened this issue 10 years ago • 1 comments

not setting it will result in groups being broken when linking one of the oauth methods to ones identity, even when not using that to login to the session.

As that is such an integral part of the configuration, it must not be hidden in a FAQ in a section that looks like a cosmetic problem, but stated boldly in the main Readme and documentation.

Ideally, the plugin should also throw an Exception/log an error in case the configuration conflicts

Dec 08 '15 22:12 cloph

Nah, I'm not using a hybrid setup, and Groups are working fine without that setting. It's really only needed for hybrid. So, no, it's not requires.

I'll admit the documentation as a whole could use some work; perhaps you'd like to propose a patch?

Mar 03 '18 02:03 stephen-smith

make clear that »trustedOpenID=^.*$« is absolutely *required* for hybrid OpenID+OAuth authentication mode

make clear that »trustedOpenID=^.$« is absolutely required* for hybrid OpenID+OAuth authentication mode