Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Associate accounts with websites #1034

Open
jorgesumle opened this issue Mar 27, 2018 · 9 comments
Open

Associate accounts with websites #1034

jorgesumle opened this issue Mar 27, 2018 · 9 comments
Labels
good first issue suitable for new contributors linked accounts integration with other platforms

Comments

@jorgesumle
Copy link
Contributor

Right now people can prove that they are who they are by linking some social networks. However, we cannot do that with websites.

I'm thinking about implementing a validation mechanism (like uploading a file to the root of the server and making Liberapay check for it), so that people cannot impersonate teams or individuals by claiming the ownership of websites. Using this feature we could link the Liberapay account with liberapay.com, and projects or bloggers could link their accounts with their websites.

What do you think? Can we do also something for people who don't have access to the server root, like people who use noblogs.org or wordpress.com?
@Changaco
Copy link
Member

I thought we already had an issue for this but I can't find it, I guess I was thinking of gratipay/gratipay.com#2477.
@Changaco Changaco added the linked accounts integration with other platforms label Mar 28, 2018
@Changaco
Copy link
Member

Note: there is a standard protocol for verifying domain ownership now, the one used by Let's Encrypt.
@EdOverflow
Copy link
Member

Remember to keep an eye out for these verification flaws when implementing this: https://edoverflow.com/2018/logic-flaws-in-wot-services. ;)
@Changaco
Copy link
Member

Changaco commented Feb 8, 2019

We should implement the same mechanism as Mastodon: looking in the target page for a rel="me" link to the user's Liberapay profile. To do that we'll need a safe HTML parser. Ideally it would run in a different VM than the webapp, as an extra precaution.
@Changaco
Copy link
Member

Once a website has been verified and attached to an account, the matching username should be assigned to that account. For example if the liberapay.com domain is added to the Liberapay team, then https://liberapay.com/liberapay.com/ should automatically become an alias of and redirect to https://liberapay.com/Liberapay/. We need #1712 for that.
@trebmuh
Copy link
Member

trebmuh commented Jan 7, 2021
edited
Loading

(Only bumping here because) I'd very like to have the possibility to associate an account with a website.
@BeeFox-sys
Copy link

rel="me" backlinks are the standard way to confirm site ownership
@just1602
Copy link

That'd be great if rel="me" attribute could be added to social media link, so people who link their mastodon account on their liberapay account and who link their liberapay account on their mastodon account could see their liberapay account be verified on mastodon.
@Changaco Changaco added the good first issue suitable for new contributors label Dec 14, 2022
@Saumya-ranjan
Copy link

Hello, @jorgesumle and @Changaco I would like to Contribute My first Open Source Contribution. If there is something I could help you out with or fix some issues Please do ping me.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
good first issue suitable for new contributors linked accounts integration with other platforms
7 participants
@just1602 @Changaco @trebmuh @jorgesumle @EdOverflow @BeeFox-sys @Saumya-ranjan