防止 Google OAuth2 用户获得用户名“user1”、“user2”……?

支持
1

I prefer (thus far anyway) to run my forum showing usernames vs. real names, and I’ve made the real name field optional.

But some of my Google OAuth2 (“Sign in with Google”) users have gotten what are apparently default usernames of “User1”, “User2”, etc.

I really don’t like having these generic defaults in the mix.

It looks like this occurs here on meta as well:

image
image173×272 11.2 KB

I don’t know why this happens for a few Google OAuth2 users but not for most. I’d welcome any insight.

I suppose I could rethink my emphasis on usernames. But is there any way to prevent this “User[X]” behavior, short of disabling Oauth2 signups?

1 个赞
2

Bit of guesswork on my part, but could it be that their usernames contained spaces or special characters? That’s not allowed in Discourse usernames.

But @pmusaraj will know a lot better, I’m curious too now :slight_smile:

1 个赞
3

I am pretty sure this is coming from this site setting

image
image1179×792 51.5 KB

If unchecked, the username picker will default to userN, especially if the user doesn’t have a display name in their upstream account.

Security 1, convenience 0 :grinning_face:

3 个赞
5

Thank you! This exact explanation would be a useful addition to the option text.

I may end up checking that box. Since people can edit the suggested names, the risk seems low.

1 个赞
8

When use email for username and name suggestions is disabled, we could leave the username field blank at signup instead of suggesting userN — we’ve done something similar in our admin account signups on new Discourse sites.

Is that something you think you’d like to see for your site members, too, @ToddZ?

1 个赞
9

I would much prefer that, myself. I’d rather see people mash the keyboard and come up with a nonsense username (or hook into a username generator API) than end up with a bunch of userN.

I can’t quite imagine a reason to prefer userN, but if I’m missing something, maybe an optional setting could make everyone happy.