Page MenuHomePhabricator
Create Task
Maniphest T111480

Allow AuthManager providers to skip email address verification when creating a local account for an existing remote account
Open, Needs TriagePublic
Actions

Description

AuthManager creates a local user account when a provider succesfully logs the user in with a username which does not exist locally. Providers can set the email address of the newly created account by passing a UserDataAuthenticationRequest; MediaWiki will then send a verification email to this address. Many providers (e.g. a Google login) have their own email verification procedure, so verifying again might not be necessary, and makes the process of local account creation less smooth than it could be. It would be nice if providers could somehow mark the email as already verified.

It is not obvious whether this is always a good thing, though. To quote Brad,

The email verification in MediaWiki is both "is this address valid?" and "give us permission to send email to this address?", and I don't know that we want to assume the latter just because of the method they used to log in.

Maybe this could be done in combination with a site option allowing/disallowing it.

Related Objects
Search...

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits