link to indieauth and mention existing problems with this approach

author: https://id.koumbit.net/anarcat <https://id.koumbit.net/anarcat@web> 2015-05-13 15:49:18 -0400
committer: admin <admin@branchable.com> 2015-05-13 15:49:18 -0400
commit: 5d49b5c1158e4869196ea516d8899b7b512b5900 (patch)
tree: 9fed8142299f71a64bd1854f81fbf6a781c8e6f2 /doc
parent: 370261e715ab53e9630e2c209e478c4b87bf14c6 (diff)
download: ikiwiki-5d49b5c1158e4869196ea516d8899b7b512b5900.tar
ikiwiki-5d49b5c1158e4869196ea516d8899b7b512b5900.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn
index a164b783b..fa1995712 100644
--- a/doc/todo/emailauth.mdwn
+++ b/doc/todo/emailauth.mdwn
@@ -99,3 +99,7 @@ adminusers can be converted, perhaps automatically, to use the email
 addresses on record.
 
 Thoughts anyone? --[[Joey]]
+
+> I had looked at something like this before, through [[todo/indyauth_support]] - which basically turned out to outsource their own auth to http://intridea.github.io/omniauth/ and http://indiewebcamp.com/RelMeAuth...
+> 
+> But it seems to me that your proposal is basic "email opt-in".. the one impact this has on (drupal) sites i know is that spammers use even those forms to send random emails to users. it's weird, but it seems that some bots simply try to shove victim's emails into forms with the spam data as they can and hope for the best... it seems this could be vulnerable as well... - [[anarcat]]
author	https://id.koumbit.net/anarcat <https://id.koumbit.net/anarcat@web>	2015-05-13 15:49:18 -0400
committer	admin <admin@branchable.com>	2015-05-13 15:49:18 -0400
commit	5d49b5c1158e4869196ea516d8899b7b512b5900 (patch)
tree	9fed8142299f71a64bd1854f81fbf6a781c8e6f2 /doc
parent	370261e715ab53e9630e2c209e478c4b87bf14c6 (diff)
download	ikiwiki-5d49b5c1158e4869196ea516d8899b7b512b5900.tar ikiwiki-5d49b5c1158e4869196ea516d8899b7b512b5900.tar.gz