anonymous users

[umputun]

This is going to be an optional mode (off by default) implementing auth provider allowing login without any verification. The only input it will ask is a user name.

[umputun]

We also need frontend change for this. From API's point of view, this is just an additional provider anonymous. For login UI should show a popup/dialog with user name and hit /auth/anonymous/login?user=<user-name>&aud=<site-id>

It will be nice to do local verification with the same simple rules server side enforces on anonymous:

• the name should be at least 3 characters long
• the name has to start from the letter and contains letters, numbers, underscores, and spaces only (regex ^[a-zA-Z][\w ]+$)

[Hixon10]

Can anonymous users vote? If can, do we need protection on the voting results?

[umputun]

good point. I'll make a change to prevent anonymous from voting

[leem32]

If anonymous users are enabled is there anything to prevent a bot from entering a username and posting spam?

Is there a honeypot field and/or recaptcha for example?

[umputun]

sure, some protection will be nice to have. I don't think recaptcha will be friendly for honest users, but honeypot field should be ok. I also have a plan of integrating some kind of anti-spam on server-side.

But even without all of this - enabling anonymous access will be user's decision and will be off by default. And I can imagine some internal/trusted systems, where users would like to allow such access without worrying about spam/abuse.

[Reeywhaar]

Should anonymously logged in user be able to request data removal?

Edit: Nevermind, I see server rejects such requests