I've looked a bit into this. This is actually more complicated than I thought. Should com_users stay identical to the one from the CMS? In that case we should think about forking it. I also think we should look into creating a little OAuth server for testing purposes.

From my POV you should only be able to register through github/OAuth into the tracker. For the dev environment, we would have to provide a way to stage the whole OAuth thing from github. The question from my side would be: Do we want to attach ourselfs like this to github? They actually would have a major control over our userbase....

Maybe instead of authenticating with GitHub, we modify com_users to suit our needs and allow some way to link a tracker account to GitHub? Either way, I'm open to options, but I'd rather us NOT force users to need GitHub accounts.

As for customizing com_users, go for it. Just took it from the CMS to get a base started.

Yeah, it could be done to simply link their github account on their profile page with an extra field.

On Jan 24, 2013, at 12:43 AM, Michael Babker notifications@github.com wrote:

Maybe instead of authenticating with GitHub, we modify com_users to suit our needs and allow some way to link a tracker account to GitHub? Either way, I'm open to options, but I'd rather us NOT force users to need GitHub accounts.

As for customizing com_users, go for it. Just took it from the CMS to get a base started.

—
Reply to this email directly or view it on GitHub.

I spent some evenings playing with the issue at hand and I came to the following very personal conclusions:

We should definitely support a login facility using an existing GitHub account - more I would say we should make this the only available login to the front end.

I am also convinced that we should push comments and new issues to GitHub.

I was also playing with web hooks, and I think with carefully pushing and pulling we may be able to syncronize both "event streams".

Please have a look at #78.

Has been fixed in #103