Going through the notes something that stuck out to me from android was "Technically, there's no reason that we could not associate a single email (even a defunct email) with many emails."
Which made me to think, do we really need to change the email address in the system or could we add a new one and mark it as active, keeping the original? The original email would still used to generate all required keys to get sync data. We could expand the user model to handle multiple email address, recovery address, etc as outlined in https://github.com/mozilla/fxa-auth-server/issues/973 Are there any shortcomings with this or major gaps I could be missing? - Vijay On Tue, Jan 31, 2017 at 2:05 AM, Ryan Kelly <[email protected]> wrote: > > Hi All, > > > One of the items on our Q1 OKR list is: > > "Enable users to add a second email and change their primary" > > This is an item that we've talked about a lot in the past, but never > really dug into moving on. Let's pick up the thread and try to scope > out what we can realistically achieve on this in Q1. > > I'm sure we've had a long rambling discussion about this topic on the > list in the past, but be damned if I can find it. Does anyone happen to > have a reference to it in their mail history? > > In the meantime, some high-level scoping questions, mostly for :rfeeley > and :adavis but naturally feel free to chime in: > > * How will we measure the success of this feature? Is it simply based > on the rate at which people add/change emails, or do we expect it to > show up in other metrics e.g. a decrease in bounce rate? > > * What UX will we expose to the user here? Will we e.g. expose the > ability to have multiple email addresses, or keep that hidden as > an implementation detail? > > * How will we secure this feature? If the user has lost access to the > email associated with their account, does allowing them to change it > violate the security properties of e.g. sign-in confirmation? Or will > send a confirmation email to the *original* email address as well? > > > Also, some links to previous bugs on this topic, for reference: > > * An old, long, rambling bug on implementation approach: > https://github.com/mozilla/fxa-auth-server/issues/957 > > * Some notes on why this might be tricky on Android: > https://bugzilla.mozilla.org/show_bug.cgi?id=1173566 > > * Some prior UX from :rfeeley: > > https://www.lucidchart.com/documents/view/9c9a4647-615f- > 4b7c-a4db-71ae10afcd04 > > * A new user request for this feature: > https://bugzilla.mozilla.org/show_bug.cgi?id=1334107 > > This is very much still in the scoping phase, so any and all comments > welcome. > > > Cheers, > > Ryan > _______________________________________________ > Dev-fxacct mailing list > [email protected] > https://mail.mozilla.org/listinfo/dev-fxacct >
_______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
