Suppose the normal workflow:
* browser closed (not logged in LP), the user figured out he has new email
* reading that email, the user click in the link,
* browser open the page "validade you UID"
* the user types the LP pass to validade, click OK
* LP redirects him to user/+editgpgkey,
* LP redirects him to +login because he isn't authenticated yet.
* the user needs to type login/"same pass" again.
So, Redirect from an unauthenticated page as token/key to <user>/+editgpgkey might require user to type his password again, the same was typed for validate the token. It's just /ugly/ from my point of view ... Adding more GPG info than "number of imported keys" to Person Overview can satisfy your suggested workflow, then we can redirect to people/<user> . What do you think ?
Suppose the normal workflow:
* browser closed (not logged in LP), the user figured out he has new email
* reading that email, the user click in the link,
* browser open the page "validade you UID"
* the user types the LP pass to validade, click OK
* LP redirects him to user/+editgpgkey,
* LP redirects him to +login because he isn't authenticated yet.
* the user needs to type login/"same pass" again.
So, Redirect from an unauthenticated page as token/key to <user>/+editgpgkey might require user to type his password again, the same was typed for validate the token. It's just /ugly/ from my point of view ... Adding more GPG info than "number of imported keys" to Person Overview can satisfy your suggested workflow, then we can redirect to people/<user> . What do you think ?