Problem
Apigee Edge allowed uppercase characters in all part of an email address.
Moreover it handled email addresses case sensitively.
In contrast, Apigee X/Hybrid only allows lower cased email addresses, ALL parts the email address MUST BE lowercase.
Additionally, Drupal (devportal) also handles email addresses case insensitively. https://www.drupal.org/project/drupal/issues/2490294
According to RFC 5321 section 2.3.11.the local-part of an email address can be case-sensitive and it is up to the Domain to decide on this. So johndoe@example.com could be a different user than JohnDoe@example.com.
Questions
A previous unfinished attempt to mitigate this in the Drupal Apigee connector: https://github.com/apigee/apigee-edge-drupal/pull/756
@mxr576
For Drupal, Re-opened the pull request and issue https://github.com/apigee/apigee-edge-drupal/issues/730
Thanks @shishir21 , IMO this should not be solved on the Drupal level, the problem that this small architectural difference causes for customers who would like to migrate from Apigee Edge to Apigee X is bigger than the scope of the Drupal or any developer portal.
The Github issue only concerns a very specific problem in which case an IDP may eliminate identity stealing, if and only if, that is the only source of users on a developer portal and the only way to log in.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |