This repository has been archived by the owner on Jul 12, 2023. It is now read-only.
TL;DR
New users should get an email to join, then create a password.
Design
Problems
At the moment users can create a new account without being invited. They exist for auth but have no Users entry (or access to any realm). At the moment this results in a redirect loop to the sign-in page (is cookie clearing working right?)
If the user both creates a login and was invited, everything works.
This may be a potential abuse vector: folks can spam account creation without being invited
This is also a bad experience
Solutions
1) When an admin creates a new user, send the new user an email sign-in link.
2) Prompt the user to create a password for future sign-in
2a) also register 2nd factor
3) Allow admins to re-send the email
4) Deprecate the (currently ad-hoc) email verification and new user auth creation flows
Alternatives
Pre-create the user with a phony password and call the password reset email flow?