Passing back group information for a new user back to the application

[phirefly]

Is there currently a way for a MyUSA signup to inform our app that the new signup is of a certain type? e.g. It'd be great for 18F signups to be automatically tagged in our system as 18F. One approach could be that we give people a special url like https://alpha.my.usa.gov/18fsignup. If they sign up there, it can pass something back to our app, so that we to automatically update them as an 18F user.

C2 would like for one other group as well, so this would be very helpful. Thank you!

[harrisj]

It looks like instead of providing some sort of passthrough mechanism, the easiest approach would for the calling application to provide an additional argument within the callback URL, so it would be something like YOUR_SITE/auth/myusa/callback?type=18f. I think this would work. Want to try it out?

No, it doesn't seem like a good idea. Looking at other passthrough mechanisms

[afeld]

@phirefly The core issue here seems to be: do we trust the users to accurately self-identify?

[harrisj]

That is another issue, but I would like to figure out the authoritatively correct way for clients to put passthrough params in an Oauth 2 authorization flow

[harrisj]

I am going to push to lower priority for now while I deal with some other more important bugs. Sorry, @phirefly, but I will let you know when I get back to it.