- 🇩🇪Germany Anybody Porta Westfalica
16 years later, I think this should be discussed again. There are surely usecases where a "Username" is very untypical and the requirement for a username shouldn't be enforced by a CMS & Framework like Drupal.
One typical example is eCommerce. I know no relevant Shop system that requires a users to enter a username. Same for many many SaaS projects, where the eMail Address is the login.
So while there are workarounds in contrib, I think we should really have a discussion, if the enforcement of a username is still the right way to go for the many use-cases of Drupal?
- Status changed to Active
10 months ago 8:40am 17 August 2023 - 🇬🇧United Kingdom catch
This is still probably blocked on 🐛 Allow password reset on account with the username matching another email; prevent registrations that match another account Needs work and ✨ Check usernames that are email addresses more rigidly, only allow if matches email Needs work - i.e. what happens if one user's email address is user@example.com and another user's username is user@example.com?
I do think we should consider at least a configuration option to allow logging in with e-mail or username in core, it's an extremely common pattern.
That's different from allowing e-mail-only registration though which would be https://www.drupal.org/project/email_registration → in core. That gets a lot trickier because we need something to put as display name (content and comment authors), and that defaults to username.
- 🇩🇪Germany Anybody Porta Westfalica
Thanks @catch totally agree - perhaps this topic would be worth a fresh issue too.
One thing regarding your last sentence: I think also that discussion would make a lot of sense for Drupal Core as modern Framework (not specifically as CMS, but as general purpose, Commerce Platform, SaaS foundation etc.): Using no "Username" at all, which means at least hiding the fields entirely for users and site-admins should really be considered not to be a contrib thing.
10Y ago we were in a world, where usernames were common for many things like Forums, Communities etc., but today I think at least 50% of web projects with user registrations (excluding things like Communities, where the email address needs to be hidden and an alias used of course), do not use usernames and don't confront users with it. And I really think Drupal *should* have Username optional in Core long-term.Or in other words: Think of modern SaaS or Headless frameworks like https://appwrite.io/ or https://directus.io/ I don't think one would hard-code the requirement for a username anymore for user accounts. But Drupal has a different history, where username was best-practice. But I don't think we should stick to that.
Of course, I know this won't be an easy job, so what I'm talking about here is the strategic perspective.
So should we proceed here or in (separate) issue(s)?
- 🇬🇧United Kingdom catch
@AnyBody I think it's worth splitting out yeah. There are at least two tracks:
1. Allow user to log in with their e-mail address OR username on the login form - PP on the two issues about e-mail-like usernames. This is not necessarily going to be easy to get done but the scope is quite small and it makes sense in its own right, and for me it would be a normal core feature request.
2. Provide an option to make usernames optional. This has considerably larger scope and it might need to go in the ideas queue of product manager sign-off. While it's a common use-case, projects that don't require usernames will invariably customize the display name, to use first and last names, and core doesn't have anything like that. So we need to ask and answer questions like: - what can be used for display name if username is empty? What happens to the unique, required database column? etc. This would then need its own meta implementation issue for the various bits.