Peter Uithoven

It's been a while since I looked into this, but does this apply to both CouchDB and Cloudant? On Cloudant, for example, there is a separate `Unauthenticated connections` / `nobody`...

I'm afraid I can't take on the responsibility anymore, my work for Doodle3D has ended

In the case of socialAuth's the username isn't validated, meaning we assume social auth providers only have usernames that couchdb can handle as _id? See: https://github.com/colinskow/superlogin/blob/master/lib/user.js#L370

To clarify, I'm proposing to use UUID's as userDoc _id. This would also be very helpful for Google Analytics usage, since this doesn't allow you to send them personally identifiable...

Interesting article on the subject: https://www.b-list.org/weblog/2018/feb/11/usernames/

It's possible for users to remove all their (other) sessions. It's also valid for a limited time (although this is extended when used). A session isn't translatable to the user's...

Definitely additive, maybe even with a warning when replacing existing views, to prevent as you mention existing functionality. Our biggest usecase was performing analytics, being able to retrieve relevant user...

To add to the above, stuff get's more tricky when you need information from the all the users their private database. We for example liked to see how many documents...

> So would you then update the derived data from the user private dbs to the "sl-users" via a superlogin endpoint or through some other mechanism? So for example beside...

Relevant: https://github.com/colinskow/superlogin/issues/167