Code review comment for lp://staging/~joe-topjian-v/django-openid-auth/jtopjian-dev

Sorry for not reviewing this patch earlier. Note that email addresses are only self asserted, so unless you have some other reason to trust the provider you shouldn't treat them as validated.

I wonder if a better approach would be to ask the user for the required information if it is not provided?