Comments (6)
br41nslug
commented on July 3, 2024
Can you elaborate on how this would work? After the email has been hashed it can no longer be used to send mails to that user like, notifications or password resets 🤔
from directus.
NilsBaumgartner1994
commented on July 3, 2024
These are 2 features currently.
There is a need for the separation of: email address and external identifier.
if you want pseudonym users you would leave out the email adress, users can’t reset password but for SSO logins not necessarily and it would be more privacy policy friendly.
By default the email would be saved
from directus.
NilsBaumgartner1994
commented on July 3, 2024
@br41nslug as some auth. providers like Apple create relay emails for the external identifiers they secure this.
but I don’t see why we could not just save the email address in the email field of the Directus user (or a field like registered with email), and a hashed external identifier.
this would only improve the security. Sure by migrating up, existing instances would hash once the external identifiers.
from directus.
br41nslug
commented on July 3, 2024
but I don’t see why we could not just save the email address in the email field of the Directus user (or a field like registered with email), and a hashed external identifier.
You can configure this for the SSO provider your using _IDENTIFIER_KEY and _EMAIL_KEY. Since this seems to already be covered by configuration i'll be closing this issue.
from directus.
NilsBaumgartner1994
commented on July 3, 2024
but I don’t see why we could not just save the email address in the email field of the Directus user (or a field like registered with email), and a hashed external identifier.
You can configure this for the SSO provider your using
_IDENTIFIER_KEYand_EMAIL_KEY. Since this seems to already be covered by configuration i'll be closing this issue.
But the identifier key will not be hashed? For example for the Google login?
from directus.
br41nslug
commented on July 3, 2024
Identifiers will not be hashed no, and shouldnt be necessary if you're not using the email or another privacy sensitive key. This can however be achieved using flows/hooks by hooking into the auth.create/auth.update events. To implement this hashing in core more than a "tiny tweak" and i want to ask you to make a proper feature request for that as all various SSO providers need to be considered for this.
from directus.
Related Issues (20)
- Upload CSV File Error HOT 1
- Action Flow doesn't show updated payload anymore HOT 3
- Add updateBatch request to the SDK
- CMS is not accessible HOT 1
- Add docs for updateBatch methods
- Adding incorrect value to `one_allowed_collections` relations through schema endpoint breaks graphql endpoint without any visible errors.
- V-drawer showing up behind the manual workflow run confirmation dialog HOT 1
- The data volume of active and revisions will become larger and larger HOT 2
- "You don't have permission to access this." when displaying Directus User in a list in the built-in Directus UI HOT 2
- Directus Paging issue HOT 5
- Error when opening the media-library HOT 2
- Upload files in chunks
- TypeError Cannot read properties of undefined (reading 'primary') HOT 3
- AUTH_LDAP_DEFAULT_ROLE_ID overwrites assigned role on every login
- Unable to detach link in flow
- Unable to create two images with a different name on the same singleton collection HOT 2
- Insight : Definition object should contain 'type' property: Object({ type: undefined, resolve: [function resolve] }) HOT 3
- Directus FLows: Item.create and Item.update have different data structure HOT 1
- WYSIWYG field - filtering for special characters HOT 1
- Cloudinary Storage: Old image returned after replacing/editing HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from directus.