switch to authenticate based on the cloud account

[MarconLP]

Changes

related #5847

replaces this PR: #7159

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
posthog	❌ Failed (Inspect)		Apr 4, 2024 0:27am

[MarconLP]

todos:

• force user to login before being able to fill out the "ask a question" modal (@corywatilo)
• provide a list of affected users Messaging: Auth merge between cloud and website meta#162 (@MarconLP)

[corywatilo]

I ran through a bunch of use cases to test. Not sure if testing on localhost produces the same results as being on posthog.com (same domain?), but here's what I tested:

✅ Creating a new community account (while signed into Cloud)

❌ Linking an existing Cloud and community account that use the same email edit: found this referencing a migration

• Got error: Email is taken
• Expected: Links accounts with matching email

❌ Updating email address on Cloud

• When updating on Cloud, the new email isn't reflected in the community account

❌ Signing into community when also not signed into Cloud

• After authing on Cloud, it 404s on the authorize redirect:
  

❌ Being automatically signed into the community when signed into Cloud

• Expected: When signed into Cloud, visiting the community, and clicking the login button, I should be signed in immediately instead of seeing the Cloud auth screen again

But most importantly, this misses the ultimate goal of intentionally having separate emails for Cloud and community logins and letting users link them. When they leave a job, we want them to be able to take their community account with them. The association between the Cloud and community user will need to be broken, but they should be able to use their community account independently and link it to another Cloud account in the future.

You may also want to link multiple Cloud accounts in the future, as well.

We had originally talked about auth0, which has a plugin for Strapi and would be nice so people can connect their community account with Github (or others). What's the context for going this route instead?

[MarconLP]

But most importantly, this misses the ultimate goal of intentionally having separate emails for Cloud and community logins and letting users link them.

The idea of support was using their cloud account on the forum as well, so we can generate login-as-user and session replay links. Essentially removing the difference between an in-app ticket and a community question.

Should we suggest they add a backup email they can use to reset their password to the community if their primary email is deactivated

Currently most community accounts use the same company email they use for the cloud account as well. We would need to ask users for their personal email when logging into the forum for the first time and eventually move the community account to that cloud account as well when using a different cloud account.

You may also want to link multiple Cloud accounts in the future, as well.

In what cases would you need to link multiple cloud accounts? From the support-side we intentionally do not want multiple accounts connected.

When they leave a job, we want them to be able to take their community account with them. The association between the Cloud and community user will need to be broken, but they should be able to use their community account independently and link it to another Cloud account in the future.

I don't think we need to break the Cloud <> Forum account connection, instead they should transfer their community account to another cloud instance. We can do this manually right now, but what would an automated transfer look like?

We ask for their personal email when logging into the forum for the first time. If the community account exists already we link them?