You can clone with
HTTPS or Subversion.
Hopefully this is just me not using the Observer API properly, but if you look at the onlogin code in Libravatar, you will see that any onlogin call with a valid assertion will cause this:
Now, I can see a way to eliminate all of this: the JS front-end could parse the assertion and extract the email out of it. However, I'm not sure we want to recommend that people do that.
Is there a better way to handle this?
How does passing loggedInEmail impact this? That should avoid the onlogin call altogether, right? Is there a reason you'd rather not use loggedInEmail?
@callahad I'm using loggedInUser maybe that's the problem.
So if I use loggedInEmail then neither onlogin nor onlogout will fire when the right user is logged in?
@fmarier Correct! Unfortunately, loggedInUser got delayed and hasn't entered production yet. Even worse, I can't update MDN to note the slip. It will go live with our next production push.
As usual, @callahad was right :)
Replacing loggedInUser with loggedInEmail does prevent the unnecessary onlogin calls.
I'll close this bug, but we should make a mental note (if there isn't one already) to make sure that this is well documented.