Discourse now has the ability to connect and disconnect different authentication providers to your account. This is good, but there is still more we can do. These are things I intended to do with my last round of improvements, but have not managed to complete before needing to move on to another project.
Track ‘last used’ date for social login
Log ‘connect’/‘revoke’ events in UserHistories
As @fantasticfears pointed out here, features like this are difficult to implement with the current data structure. We should try and consolidate this information into one table, and share as much logic between providers as possible.
An improved system would be a
user_associated_accounts table. Columns are based on the omniauth ‘auth hash schema’ Auth Hash Schema · omniauth/omniauth Wiki · GitHub. Email and nickname have dedicated columns as well as the ‘info’ column, so that they can be easily accessed.
- provider_name (not null) (omniauth ‘provider’ - required)
- provider_uid (not null) (omniauth ‘uid’ - required’)
- user_id (not null)
- last_used (not null)
- info (jsonb) (omniauth ‘info’)
- credentials (jsonb) (omniauth ‘credentials’)
- extra (jsonb) (omniauth ‘extra’)
The tricky bit here will be migrating data to the new structure, and updating plugins accordingly. It’s not a small amount of work, but I think it would be worth it.