One of the ways in which I use Persona in Libravatar is to let users add alternate email addresses to their account without having to click a confirmation link sent via email. (Which I guess is the original idea behind the "Verified Email Protocol".)
Converting that to the Observer has meant hacking the watch() callbacks so that they are ignored on the add_email page, and silently swapping the logged in user to match Persona's expectations of who is logged in.
It also involves falling back to a non-Persona session when an "already taken" email is added or when an email is removed. Not great if we want to allow RPs to use Persona as their only authentication mechanism.
Do we need to add another API call (like navigator.id.getVerifiedEmail()) for cases like these? I think adding all of your email addresses to your profile is a common use case. In fact, we should encourage RPs to let users add alternate email addresses to their accounts so that they're not locked out when they lose access to their email.
This would also help in the "Change Email Address" case.
Looks like GH-853 is talking about the same thing.
(Also, GH-58 is related to changing email addresses.)
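The add_email flow described above, as an added example that is not Libravatar's or Persona's own code: the server-side half of "add an alternate email without a confirmation link". It assumes the RP has already POSTed the assertion to the Persona verifier and received the documented JSON fields (status, email, audience, expires in milliseconds, issuer, reason); the verifier call itself is replaced with constructed responses so the logic runs offline. The account store, the audience value and the `add_alternate_email` helper are assumptions for illustration. The point it shows is that the verified address is attached to the already logged-in user and the session is never swapped, with the "already taken" case handled as a refusal rather than a fallback session.

```python
# Added example (not Libravatar's or Persona's own code): server-side handling
# of a Persona assertion submitted from an "add alternate email" page.
# Assumes the RP already POSTed the assertion to the Persona verifier and got
# back the documented JSON fields (status, email, audience, expires in ms,
# issuer, reason). Verifier responses below are constructed, not captured.

AUDIENCE = "https://www.example.org"  # assumption: this RP's own origin


def verified_email(resp, audience, now_s):
    """Return (email, None) if the verifier vouched for the assertion for this
    audience and it has not expired, else (None, reason)."""
    if resp.get("status") != "okay":
        return None, resp.get("reason", "verifier did not say okay")
    if resp.get("audience") != audience:
        # An assertion minted for another site must never be accepted here.
        return None, "audience mismatch"
    if resp.get("expires", 0) <= now_s * 1000:
        return None, "assertion expired"
    return resp["email"], None


def add_alternate_email(accounts, logged_in_user, resp, audience, now_s):
    """Attach the verified email to the logged-in account.

    accounts: dict mapping email -> username (constructed in-memory store).
    The session user is never swapped: the verified address either joins
    logged_in_user's account or the request is refused.
    Returns (outcome, detail), outcome in {"added", "already_taken", "rejected"}.
    """
    email, reason = verified_email(resp, audience, now_s)
    if email is None:
        return "rejected", reason
    owner = accounts.get(email)
    if owner is not None and owner != logged_in_user:
        # Do not log the user in as `owner`; refuse and keep the current session.
        return "already_taken", email
    accounts[email] = logged_in_user
    return "added", email


# Constructed verifier responses, shaped like the verify endpoint's JSON.
NOW_S = 1_700_000_000
GOOD = {"status": "okay", "email": "alice@example.net", "audience": AUDIENCE,
        "expires": (NOW_S + 120) * 1000, "issuer": "login.persona.org"}
WRONG_AUDIENCE = dict(GOOD, audience="https://other.example")
FAILED = {"status": "failure", "reason": "assertion has expired"}


def demo():
    """Run the four interesting cases against a constructed account store."""
    accounts = {"alice@example.org": "alice", "bob@example.org": "bob"}
    results = [
        add_alternate_email(accounts, "alice", GOOD, AUDIENCE, NOW_S),
        add_alternate_email(accounts, "alice", WRONG_AUDIENCE, AUDIENCE, NOW_S),
        add_alternate_email(accounts, "alice", FAILED, AUDIENCE, NOW_S),
        add_alternate_email(accounts, "alice",
                            dict(GOOD, email="bob@example.org"), AUDIENCE, NOW_S),
    ]
    return results, accounts


if __name__ == "__main__":
    for outcome in demo()[0]:
        print(outcome)
```

The audience check is the one that matters most: the verifier only tells you the assertion was issued for the audience you passed it, so the RP must compare that field against its own origin before trusting the email, and an assertion for another site is rejected even though its email is "verified".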
I've been inside and out of the question about what happens when users lose access to an email account. Is there any case where this would happen other than a work email? Corporations that issue emails want anything associated with those accounts to die when the person leaves. I'm thinking not being able to access it is more a feature than a bug. Each website needs to decide whether the ability to change the core account email address is an appropriate feature for them. If it is, they need to build it.
@fmarier "In fact, we should encourage RPs to let users add alternate email addresses to their accounts so that they're not locked out when they lose access to their email." They're not locked out unless they also forget/lost their password, right? We could investigate the model Sync is using which is that if you have either your registered device OR access to your email you can recover your account.
@skinny97214 The non-employer use cases I can think of are:
(#1 is not a huge concern if you're with Hotmail/Gmail/Yahoo, but I have read scary stories of people "locked out of the Internet" because of #2, and my brother-in-law has permanently lost a Hotmail account due to #3.)
You're right about them not being locked out when their email is using our secondary IDP. However if they're using a BigTent or a primary email, then they're locked out when they lose their email account. Which, as you point out, is exactly what you want with an employer email account.
Also: 5. You graduate from College and no longer have your firstname.lastname@example.org account.
It seems like most high-value websites I use ask me to supply a "recovery email" in case I get locked out somehow or another. It'd be great for Persona to be able to do the same.
Proposed solution: Since we're not immediately deprecating .get() anymore... maybe we could just keep using .get() for this?
That is... does .get() update Persona sessions?
How many high value sites are there and what types of services are they offering? I need to understand their needs better to see if we can abstract this up into our feature set.
@skinny97214 I'm not sure I understand what you're asking for.
Are you looking for examples of large (popular?) sites that request more than one email address or are you asking about RPs that could potentially use Persona and where losing your access to them would really hurt?
Interesting that the practice of backup emails in some ways widens your vulnerability to attack. Your account is now as weak as the easiest email you have to compromise. Not saying this isn't common practice, just interesting.
Link to #58, #794, #852
Close as dup of #852