Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Email required for Authentication #146

Open
larrysalibra opened this issue Sep 3, 2019 · 5 comments

Comments

@larrysalibra
Copy link
Member

commented Sep 3, 2019

Some apps require that the user provide an email to access the app. In some cases, this email is required before the user even signs in with Blockstack. It is our view that this requirement runs counter to the Blockstack ethos because it forces app users to give away personal information to a third party before even using the app. It is our position that is not compliant with Blockstack authentication which only requires the signed authentication token to access the app.

Proposal: Apps that require email in addition to Blockstack auth should be treated as if they are using 3rd party sign in methods and scored as such. Blockstack Browser should also make email optional by providing an option to skip it.

@webwizart

This comment has been minimized.

Copy link

commented Sep 3, 2019

Why is is blockstack forum using email? I don't want to give my email I just want to sign in with blockstack?
Screenshot 2019-09-03 at 17 21 41

@larrysalibra

This comment has been minimized.

Copy link
Member Author

commented Sep 5, 2019

Why is is blockstack forum using email? I don't want to give my email I just want to sign in with blockstack?

Because we didn't develop Discourse, other people did. Back when I wrote the Blockstack plugin for Discourse, it wasn't possible to remove email as a requirement...I'm not sure if that's changed now.

@wilsonbright

This comment has been minimized.

Copy link

commented Sep 11, 2019

@larrysalibra
What are your thoughts on getting the email id from email scope of Blockstack during login with Blockstack ID? Is this fine? I see a few apps do that today.

https://forum.blockstack.org/t/help-using-email-scope/8017/7

@friedger

This comment has been minimized.

Copy link
Contributor

commented Sep 13, 2019

I propose that you get lower scores if you request the email permission without the option to not provide the email address.

The option would be to have two sign in buttons (until the blockstack browser allows to skip it):
"Sign In with Blockstack"
"Sign In with Blockstack + subscribe to the newletter"

Ideally, apps should sign in without email permission and then provide a button "Subscribe to newsletter".

@Walterion1

This comment has been minimized.

Copy link

commented Sep 13, 2019

Ideally, apps should sign in without email permission and then provide a button "Subscribe to newsletter".

I like to see this, maybe a permission manager like iOS and Android is needed for Blockstack Auth.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
6 participants
You can’t perform that action at this time.