brokers: Rename setting to force_access_check_with_provider#1444
brokers: Rename setting to force_access_check_with_provider#1444
force_access_check_with_provider#1444Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1444 +/- ##
==========================================
- Coverage 87.05% 80.28% -6.78%
==========================================
Files 93 20 -73
Lines 6367 999 -5368
Branches 111 0 -111
==========================================
- Hits 5543 802 -4741
+ Misses 768 197 -571
+ Partials 56 0 -56 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
The new description is less technical and more functionality-focused. I don't think that'll be an issue for most users, if anything it should be less confusing. so I agree with the approach and the new name:)
Edit:
P.S., I linked #1443, if you are addressing #1340 as well in the same PR, consider linking it as well, so we don't forget about it
We've had reports that users expect the force_provider_authentication setting to always require device authentication during login. That's not the case, it instead forces a token refresh during login, which fails if the user does not have the necessary permissions in the identity provider. The new name should hopefully make the setting clearer. A few considerations: * We chose "force" instead of "require" or "always" to signal risk, because it's a major UX issue if users are not able to log in when they have network connectivity issues. * For the same reason, we decided to keep the setting opt-in. * We chose force_access_check_with_provider over the shorter force_provider_access_check for clarity and closeness to natural language.
adombeck
force-pushed
the
1443-rename-force-provider-access-check
branch
from
9d068d2 to
de17fff
Compare
adombeck
changed the title
force_provider_access_checkforce_access_check_with_provider
edibotopic
left a comment
edibotopic
left a comment
There was a problem hiding this comment.
Good change. Thanks for updating the docs too.
@edibotopic note that I only updated the setting name. we might still want to the rest of the section. I'll leave #1340 open for that. |
Yes, that makes sense @adombeck . |
4 participants
We've had reports that users expect the force_provider_authentication setting to always require device authentication during login. That's not the case, it instead forces a token refresh during login, which fails if the user does not have the necessary permissions in the identity provider.
The new name should hopefully make the setting clearer.
A few considerations:
We chose "force" instead of "require" or "always" to signal risk, because it's a major UX issue if users are not able to log in when they have network connectivity issues.
For the same reason, we decided to keep the setting opt-in.
We chose force_access_check_with_provider over the shorter force_provider_access_check for clarity and closeness to natural language.
Closes #1443