On May 30, 2012, at 11:36 AM, Jeff Schnitzer wrote:
> On Wed, May 30, 2012 at 12:38 AM, Lloyd Hilaiel <
ll...@hilaiel.com> wrote:
>>
>> Given what's spec'd and implemented in the observer api today, the only
>> sane way I can think of doing this is with an explicit change address
>> button in a management page somewhere. Clicking upon that button stores
>> state in the javascript context that goes away if the page is unloaded.
>>
>> This will fall apart in the case that a user wants to change their email
>> address to a new address that they have not registered yet with browserid
>> and happens to unload the page in the process of verifying their email
>> address.
>>
>> I wonder how many users would have trouble with that flow?
>
> While it works well enough for the case when a user already has the
> new email associated, it seems likely that users will frequently
> change to a new email address which is not associated. Furthermore,
> this situation seems rather catastrophic because when onLogin() is
> called with the new email address, the server will interpret this as a
> fresh login - creating a new account (!) with that email address. Now
> we have a merge problem.
Yeah, a bunch of account merging UI would be lame, I agree pre-empting
that would be good.
I agree that RP controlled metadata at .request() time looks like the
promising and robust solution.
But staying in the confines of what's possible right now to attempt to
uncover a short term solution: If you feel like users will frequently
forget what email they used to log in, and this will
be a non-fringe case (20% of the time?), then perhaps it would be worth an
extra user confirmation before new account creation?
"You haven't logged in here before, Welcome to Voost! We are awesome and
you will like it here!
(Confused? Already have an account? <link>just log in with a different email</link>)
<button>Start Voosting!</button>"
Then at the time the user clicks "just log in with a different email" and goes
through this flow, you have *two* assertions. So you could add this new email
to their account as an alternate way to log in, if that felt like the right thing
to do and you felt this is in accordance with their desires. Maybe this could be
nice? In context setup of backup email addresses? Paving cowpaths? You *are*
correlating user's email addresses, but they *are* sharing these email addresses
with you, with the intention of using your site. It seems fair and good to me with
a little careful ui.
FWIW, upon last check there was 1.6 emails per user in our database. so the common
case for people is one or two emails. So I'd *guess* this isn't an extremely
prevalent case, but I defer to your intuition and data here. (and as persona becomes
more popular, that number could change).
>> I think this could be viable as a longer term solution. At a high level,
>> how would it work? Would there be a payload specified at .request() time
>> that would make its way into the assertion generated as a result of that
>> request, and that request only? /me thinks
>
> This is what I imagine... somehow the request() payload makes it into
> the onLogin() method as a parameter. It would be handier to have it
> available client-side at onLogin() instead of having to extract it
> from the assertion server-side.
That makes sense. +1. I'm curious to hear what others think. Pending a little
fist pumping and some thought, we can turn this into an issue. If we don't
get feedback in this thread, we can break it out into a separate, more focused email
thread.
lloyd