As Craig mentions, what's appropriate for your application depends on your security requirements.
Greenhouse supports sign-in by email address OR username, and the Account username field itself is optional. I could imagine a mode in which sign-in by email was disabled and the username field was required then. Would you find it useful if Spring Social provided a sign-up and sign-in module that could be customized in that manner?
It's definitely a useful feature to support automatically populating your local Account profile from a linked social profile. Greenhouse supports this to some extent already. Specifically, when you "Sign in Using Facebook", if the Facebook access token obtained from your local browser cookie is not associated with an existing Greenhouse Account, you'll be redirected to a signup page and the signup form will be pre-filled from your Facebook profile information. In this case, yes, your email address will be populated because we got it from your Facebook account -- but it won't necessarily be usable as a sign-in credential unless your application allows for that. In Greenhouse, a specific FacebookSigninController handles this case; if we supported "Sign in Using Twitter", for example, we could have a TwitterSigninController that maps Twitter profile data onto the signup form as well.
Do let us know what else you're looking for in this area once you take a look at the code.
Last edited by Keith Donald; Nov 9th, 2010 at 03:29 PM.
Core Spring Development Team