Django Aware: Authenticating Using Email vs Username
NiKo
· 1 year ago
Email based logins? What if user changes its main email address someday? I'd definitely prefer good old plain usernames (or maybe openids).
Disclaimer: I'm certainly not as smart as James Bennet ;-)
Julian
· 1 year ago
Q: What if user changes its main email address someday? A: He logs in with that address.
sean
· 1 year ago
i love using email as authenticating name people might not be able to choose a certain username cause it has been used, but the email address is unique for anyone nice try!
Laundro
· 1 year ago
I can't remember where, but I once heard a website owner reverting to username based login, because a few of his users complained that they shared their email addresses with their spouse/significant others. I guess the same problem occurs when only allowing unique email addresses upon sign-up.
On the other hand, in these days of free email accounts being available ubiquitously, one could argue the problem lies with the user foremost.
pkenjora
· 1 year ago
Gmail has addressed this issue, you can have multiple email addresses at the same account for example:
I use it mainly as lastname+website@gmail.com to track which sites are spamming me but I've also used it to differentiate accounts on the same service.
Granted this only works with gmail but if youre sharing an email account you'll need unlimited storage. Also shared email accounts imply shared website accounts and probably imply 0.01% of the population, other 99.99% will find it easier to use their email.
Brice
· 1 year ago
Paul: actually GMail didn't address anything, plussed-emails have been around for much longer than Gmail. Granted they may have been the first "big" email provider to provide them.
Andrew
· 1 year ago
Email logins may be convenient for website administrators but in my experience is a hassle. If I don't remember which email address used to register I have to reregister. They are also longer to type if not saved by the browser password manager on the computer I happen to be on. On the other hand, prefer to use my regular login name that is short and obscure enough to be accepted everywhere.
OpenID is the real solution, though. Please add OpenID support here!
def authenticate(self, **credentials): return 'username' in credentials and self.authenticate_by_username(**credentials) or self.authenticate_by_email(**credentials)
Brian
· 1 year ago
oh...and your authenticate and get_user functions should be explicitly returning None as the last line
All Comments
Disclaimer: I'm certainly not as smart as James Bennet ;-)
A: He logs in with that address.
people might not be able to choose a certain username cause it has been used, but the email address is unique for anyone
nice try!
On the other hand, in these days of free email accounts being available ubiquitously, one could argue the problem lies with the user foremost.
lastname@gmail.com
lastname+djang@gmail.com
lastname+wife@gmail.com
lastname+husband@gmail.com
I use it mainly as lastname+website@gmail.com to track which sites are spamming me but I've also used it to differentiate accounts on the same service.
Granted this only works with gmail but if youre sharing an email account you'll need unlimited storage. Also shared email accounts imply shared website accounts and probably imply 0.01% of the population, other 99.99% will find it easier to use their email.
OpenID is the real solution, though. Please add OpenID support here!
http://code.google.com/p/django-openid
or
http://wiki.developers.facebook.com/index.php/P...
and if you don't want to code at all
http://www.google.com/friendconnect/
def authenticate(self, **credentials):
return 'username' in credentials and self.authenticate_by_username(**credentials) or self.authenticate_by_email(**credentials)