You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We now have an API for remote creation of Discourse accounts on our SSO provider site (docs).
Currently, the parameter must be true if provided, but there is no obligation to provide it. That allows to create accounts on edgeryders.eu and to get an Admin API key for such an account, without the user having given consent to research use of the content.
This is a problem because there is no consent funnel when creating content using the Admin API key. So we can either create such a consent funnel for the API, or only hand out the Admin API key after the user gave consent to research. I prefer the latter 😆
The text was updated successfully, but these errors were encountered:
We now have an API for remote creation of Discourse accounts on our SSO provider site (docs).
Currently, the parameter must be
true
if provided, but there is no obligation to provide it. That allows to create accounts on edgeryders.eu and to get an Admin API key for such an account, without the user having given consent to research use of the content.This is a problem because there is no consent funnel when creating content using the Admin API key. So we can either create such a consent funnel for the API, or only hand out the Admin API key after the user gave consent to research. I prefer the latter 😆
The text was updated successfully, but these errors were encountered: