Loading...

XML

Word

Printable

Type: New Feature
Resolution: Fixed
Priority: Normal
Fix Version/s: Schema change, 2017 Q2
Affects Version/s: None
Component/s: Schema Change
Labels:
None

Size Estimate:
Village

If a user deletes their account, or has their account renamed by an admin, we should prevent new or existing users from being able to take that user's previous username.

We return the name as the "sub" in our OAuth userinfo endpoint, which is supposed to be an ID which is never reused or reassigned.

This will also prevent unnecessary confusion or attempts at impersonation (although I doubt that's ever been a problem).

has related issue

MBS-9426 Interface to remove usernames from blocked list

Closed

MBS-11828 Add admin interface for checking whether a username is blocked

Closed

is related to

MBS-9275 The OAuth userinfo endpoint doesn't return a unique ID for "sub"

Open

Assignee:: Michael Wiencek

Reporter:: Michael Wiencek

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2017-03-06 19:54

Updated:: 2021-08-02 08:32

Resolved:: 2017-05-16 04:57

Version	Package
Schema change, 2017 Q2

Details

Description

Attachments

Issue Links

Activity

People

Dates

Packages