Manual user sign-up
Problem to solve and solution
Some people don't like to login through third-parties. We should offer them the opportunity to specify an email/password combination directly.
Proposed solution and changes
- Use bcrypt for hashing passwords (with a salt)
- Resolver to create new user with a password
- Verify email addresses with a verification email
- Reset password emails with reset password tokens
Risks and challenges
- Spam/mass user creation
- Lots of users with unverified email addresses