• Village

      If a user deletes their account, or has their account renamed by an admin, we should prevent new or existing users from being able to take that user's previous username.

      We return the name as the "sub" in our OAuth userinfo endpoint, which is supposed to be an ID which is never reused or reassigned.

      This will also prevent unnecessary confusion or attempts at impersonation (although I doubt that's ever been a problem).

          Loading...

            • Village

              If a user deletes their account, or has their account renamed by an admin, we should prevent new or existing users from being able to take that user's previous username.

              We return the name as the "sub" in our OAuth userinfo endpoint, which is supposed to be an ID which is never reused or reassigned.

              This will also prevent unnecessary confusion or attempts at impersonation (although I doubt that's ever been a problem).

                    bitmap Michael Wiencek
                    bitmap Michael Wiencek
                    Votes:
                    1 Vote for this issue
                    Watchers:
                    3 Start watching this issue

                      Created:
                      Updated:
                      Resolved:

                        Version Package
                        Schema change, 2017 Q2

                          bitmap Michael Wiencek
                          bitmap Michael Wiencek
                          Votes:
                          1 Vote for this issue
                          Watchers:
                          3 Start watching this issue

                            Created:
                            Updated:
                            Resolved:

                              Version Package
                              Schema change, 2017 Q2