Create User Profiles

[corincerami]

User profile pages can show all kinds of information about a user's activity. It can display innovations a user has created or contributed to, as well as stastics about a user like how many tags they've applied, or how often they contribute to things.

[dazzaji]

From Slack dialog on this topic: individual profile/admin page should enable people to easily "access/manage preferences, collections, permissions, etc in a graceful manner. A 'settings' type page is really needed like the admin page but for people."

A major win here would be a simple as possible way to see and manage the OAuth 2 permissions they have provided. So, if they want to revoke permissions for GitHub but keep Google (for example) they could do that from their permissions mgmt page. Later this can be used to enable a suite of greate integrations and data flows that can really get this thing moving in a good direction!

[corincerami]

I've implemented the first, basic idea of this feature. Currently it is just a profile page for a user that lists the innovations they have created. I'm thinking their should be a separate "User Settings" page, at /users/:id/settings, where they can manage preferences.

[dazzaji]

Just preserving some of relevant chatter from Slack that is relevant to this issue thread:

chris [6:09 PM]
i just realized an issue with the user profiles as i’ve written them, and it’s that the profiles shouldn’t be connected to a User, but to an Identity

chris [6:09 PM]
i’ll work on that

chris [6:10 PM]
actually maybe identities don’t work the way i thought (edited)

chris [6:12 PM]
i thought an Identity encapsulated all of a user’s accounts, but i guess not

----- Yesterday June 20th, 2015 -----

dazza [12:37 PM]
How are you thinking a User and an Account are/should be different? Meanwhile, I'll gather some links to how others have done this well ... and not so well :)

chris [1:02 PM]
so what i realized is that a User is tied to the oauth method you choose. so my github account and my google account are two separate users. I thought Identities connected these accounts, but I was wrong.

dazza [5:08 PM]
Thanks, I understand what you mean now. This raises couple observations and a question:

dazza [5:15 PM]
Observation 1: for our purposes it is a good practice to enable multiple accounts for individual human people ("Users") because it provides a clear & easy way to support more than one "role" per person. By role I just mean "legal capacity" aka the "hat you are wearing". So during the day from a work account a person could contribute IP belonging to their employer and rate or tag on behalf of their employer and at night the same person could contribute their own IP and rate or tag maybe very differently based on their personal opinions, understanding and choices. This can scale to another "role" for your civic hacking group and another for your political party and so on. An OAuth 2 integration is an easy and well suited way for the person and the first to disclose or online Hackathon (or other) system to keep straight everything that happens under each role and the authorizations or other actions attributable to the legal and business and technical entity/entities associated with each role.

dazza [5:28 PM]
The other observation is that a more mature implementation would enable an individual person to associate multiple identity providers (external account integrations) with a single account on our system and to be able to do that with more than one account. That means a person could have a work account with a few external identity providers associated with that (like a work-associated GitHub org and a work-provided google biz apps account and so on) and a second account with a few potentially overlapping identity providers associated with that other account (like maybe their personal github account and a personal gmail account also from google and maybe also some some other identity providers like Facebook and LinkedIn account with no corresponding external workplace accounts. This would enable all the good cross-app and multi-service OAuth 2 integrations for each account but elegantly manages (hence avoids needless and sometimes harmful merging of) different legal and business roles that everybody needs to juggle in the modern world.

dazza [5:31 PM]
The question is: Where in the first to disclose code base is a User tied to the oauth method they choose so a user's github account and the same user's google account are treated as two separate users? Is that part of the OmniAuth gem? Part of something else? I'd like to explore it a little deeper. Thanks!