Identity in software, the forums

posted by Jeff | Sunday, February 12, 2023, 8:20 PM | comments: 0

I imagine it's mostly just coincidence, but I've encountered identity in a number of different jobs, and I'm seeing it again at work. "Identity" in the software sense is the way that you identify people as real, and use that information in another system. For example, we've all used various services on the Interwebs by logging in first to Google or Facebook or whatever. At work, you may log in to some central thing before bouncing to some external service.

For years, even prior to someone filing an issue on the project, I've wanted to work external identity into POP Forums. Over the years I've had so many developers try to integrate the forum by way of changing the underlying data. In other words, they would try to replace the forum's user records with their own data. That almost never works out, unless you use the forum itself as your source of truth for user information (this is what I do on CoasterBuzz). But inter-service identity has been a solved problem for a long time. The protocols and standards are well known and fairly easy to use. I didn't attack this on my previous release, which was pretty huge, but it's a pretty big deal that justifies another release, sooner rather than later.

For whatever reason, I got a bug up my whatever on Friday and decided to start working out how to do this. I'm using my Azure AD as a test source, and so far, so good. I can log in through it and the forum will automatically provision an account. If the user is in the right groups and serves up the right claims, it will also map those to moderator and admin roles. It will periodically check to make sure the user is still legit with refresh tokens. It all just works, and I got there a lot faster than I expected.

I still have to work out how to reconcile same names (a company might have more than one John Smith, for example). I was going to do the same for email, but I would think the odds of any organization having recycled email are pretty low. The forum wants unique names and email, so in the event of a duplicate email I still have to do something about that.
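A sketch of the provisioning flow described above, added as an example and not taken from POP Forums: accounts are keyed on the token's issuer and subject rather than on name or email, group claims are mapped to roles on every sign-in, and duplicate display names get a suffix. The `UserStore` class, the group names, and the policy of rejecting a duplicate email instead of merging accounts are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed group names; a real tenant would supply its own group identifiers.
GROUP_ROLES = {"forum-admins": "Admin", "forum-mods": "Moderator"}

class DuplicateEmail(Exception):
    """A different external identity presented an email that is already in use."""

@dataclass
class User:
    user_id: int
    issuer: str
    subject: str
    name: str
    email: str
    roles: set = field(default_factory=set)

class UserStore:
    """In-memory stand-in for a forum user table (hypothetical)."""

    def __init__(self):
        self.by_external = {}  # (issuer, subject) -> User
        self.names = set()     # lower-cased display names in use
        self.emails = set()    # lower-cased emails in use

    def _unique_name(self, name):
        # "John Smith", "John Smith (2)", "John Smith (3)", ...
        candidate, n = name, 1
        while candidate.lower() in self.names:
            n += 1
            candidate = f"{name} ({n})"
        self.names.add(candidate.lower())
        return candidate

    def sign_in(self, claims):
        """Provision or refresh an account from claims assumed already validated
        (signature, issuer, audience, expiry) by the OIDC library in use."""
        key = (claims["iss"], claims["sub"])
        user = self.by_external.get(key)
        if user is None:
            email = claims["email"].lower()
            if email in self.emails:
                # Never merge into an existing account on email match alone.
                raise DuplicateEmail(email)
            self.emails.add(email)
            user = User(len(self.by_external) + 1, *key,
                        self._unique_name(claims["name"]), email)
            self.by_external[key] = user
        # Recompute roles on every sign-in so a removed group drops the role.
        groups = claims.get("groups", [])
        user.roles = {GROUP_ROLES[g] for g in groups if g in GROUP_ROLES}
        return user
```

Because the lookup key is the (issuer, subject) pair, a user whose name or email changes upstream still resolves to the same forum account.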

I've been way more into thinking about video lately, because of another project, but it was fun to dive into a code project.

