I’m setting up a WriteFreely instance for the users of my Mastodon instance, and I’m using the generic OAuth implementation to let them log in and create new accounts. One thing I noticed is that the binary open/closed registration toggle is a problem. Specifically:
- if registration is “open” then yes people with a login to my Mastodon instance can create new accounts, but also anyone who hits the front page can create a new username through the standard user/pass account creation process
- if registration is “closed” then people can’t use the front page to make new account (which is what I want), but also OAuth users can’t make new accounts
What I would like is for a setting that disables generic account creation but allows any OAuth user to make a new account. This is so that “strangers” can’t make an account, but people on my Mastodon server are free to do so.
I played with the idea of a new setting in config.ini that would go here (I’m referencing the PR where Matt created this feature for maximum context):
It would be a second boolean (allowOAuthRegistrationOverride or something) that if set to true would not trigger the code block highlighted above and a new user could be created regardless of the instance’s “closed” status.
But then I thought, well, what if you just made it so that OAuth was not gated by the closed/open status of the instance, and if an admin wanted to turn off OAuth they would just comment out the config.ini info for OAuth. But that goes against the idea of PR 303 above.
So basically this is a design question: how do we best enable my use case?