mozilla-auth0 handler translates a Mozillian's login into Taskcluster
credentials. That login can be for an LDAP account (employees, committers) or
a github account or just an email verification.
The credentials assume the role
the Auth0 userid. It is generally
|-delimited and guaranteeed to always
refer to the same person. As a special case, for Github logins, the user's
current Github username is appended to the userid. Users can change their
Github usernames, and doing so will result in a new userid (but with the same
numeric portion). This is done to make such login identities human-legible.
All Mozillians access groups of which a user is a member are reflected as
Note that Mozillians differentiates access groups from other types of groups. It is a setting in the group-administration UI.
Similarly, all LDAP groups of which a user is a member are reflected as