Hopefully this is just me not using the Observer API properly, but if you look at the onlogin code in Libravatar, you will see that any onlogin call with a valid assertion will cause this:
Now, I can see a way to eliminate all of this: the JS front-end could parse the assertion and extract the email out of it. However, I'm not sure we want to recommend that people do that.
Is there a better way to handle this?
How does passing loggedInEmail impact this? That should avoid the onlogin call altogether, right? Is there a reason you'd rather not use loggedInEmail?
@callahad I'm using loggedInUser maybe that's the problem.
So if I use loggedInEmail then neither onlogin nor onlogout will fire when the right user is logged in?
@fmarier Correct! Unfortunately, loggedInUser got delayed and hasn't entered production yet. Even worse, I can't update MDN to note the slip. It will go live with our next production push.
As usual, @callahad was right :)
Replacing loggedInUser with loggedInEmail does prevent the unnecessary onlogin calls.
I'll close this bug, but we should make a mental note (if there isn't one already) to make sure that this is well documented.