Users can't see new teams that they have been whitelisted into without logging out and logging back in #2441

Open
jama22 opened this issue Jul 30, 2018 · 4 comments

3 participants
@jama22
Member

commented Jul 30, 2018

Users can't see new teams that they have been whitelisted into without logging out and logging back into Concourse. It would be really, really nice if you could do that.

@jama22 jama22 created this issue from a note in UX (Backlog: Web) Jul 30, 2018

@jama22 jama22 added this to Icebox in API via automation Aug 13, 2018

@jama22

Member Author

commented Aug 13, 2018

Turns out this can be a bit of a headache to implement given how our current APIs and tokens work. Adding to the API project.

@jama22 jama22 added the spike label Aug 20, 2018

@jama22

Member Author

commented Aug 20, 2018

Adding a Spike label to spend time thinking about an approach to solving this problem. Things to consider:

  • Do we need to use a refresh token to get access to the latest teams?
  • Increasing the frequency of refreshes to achieve this?
  • What happens on the inverse, where you are removed from a team but your token says you are still part of the team?

@jama22 jama22 removed this from Backlog: Web in UX Sep 17, 2018

@jama22 jama22 moved this from Icebox to Backlog in API Sep 17, 2018

@xtremerui

Contributor

commented Oct 22, 2018

There are a few scenarios to consider:
Assume I'm user1

  1. user1 is logged in on webui and is added to teamA
  2. user1 is logged in on webui and removed from teamA
  3. user1 is logged in on webui, added to teamA, and tries to fly login to teamA
  4. user1 is logged in on webui, removed from teamA and tries to fly login to teamA

What actually happens...

  1. I should be able to see teamA in the webUI after a refresh
  2. user1 could have access to teamA for as long as they stay logged in or their token expires (24 hrs). This is bad
  3. Same as (1), but we could remove the previous convenience feature and force users to log in again
  4. Same as (2), but we could remove the previous convenience feature and force users to log in again

Scenarios (1) and (3) are a pain in the ass, but realistically, if we can communicate to the user that they need to do this, it wouldn't be so bad.
Scenarios (2) and (4) are probably the most concerning, since the removal should occur relatively quickly.

@mxplusb


commented Nov 16, 2018

@xtremerui I'm running into Scenarios (1) and (3) right now, actually. I think as long as a user is signaled to log out and reauthenticate, that should be more than enough - I know my users would take that action.

//cc @theradchad
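
The added and removed scenarios from this thread, as an added Go example (not Concourse's code and not written by any commenter above): a hypothetical token that snapshots team membership at login, checked once by its claims and once by a live membership lookup. `Token`, `Membership`, `Login`, `AllowByClaims` and `AllowByLiveLookup` are assumed names; the 24-hour lifetime is the figure quoted in the thread.

```go
package main

import (
	"fmt"
	"time"
)

// Token is a hypothetical session token that snapshots team membership at login.
type Token struct {
	User    string
	Teams   map[string]bool
	Expires time.Time
}

// Membership is the hypothetical live record: team name -> set of users.
type Membership map[string]map[string]bool

// Login snapshots the user's current teams into a token valid for 24 hours.
func Login(m Membership, user string, now time.Time) Token {
	teams := map[string]bool{}
	for team, users := range m {
		if users[user] {
			teams[team] = true
		}
	}
	return Token{User: user, Teams: teams, Expires: now.Add(24 * time.Hour)}
}

// AllowByClaims trusts the snapshot in the token until it expires.
func AllowByClaims(t Token, team string, now time.Time) bool {
	return now.Before(t.Expires) && t.Teams[team]
}

// AllowByLiveLookup uses the token only for identity and checks current membership.
func AllowByLiveLookup(m Membership, t Token, team string, now time.Time) bool {
	return now.Before(t.Expires) && m[team][t.User]
}

func main() {
	now := time.Date(2018, 10, 22, 9, 0, 0, 0, time.UTC) // constructed sample time
	m := Membership{"teamA": {"user1": true}, "teamB": {}}
	tok := Login(m, "user1", now)
	delete(m["teamA"], "user1") // scenario 2: removed while logged in
	m["teamB"]["user1"] = true  // scenario 1: added while logged in
	later := now.Add(time.Hour)
	fmt.Println("claims teamA:", AllowByClaims(tok, "teamA", later)) // stale grant
	fmt.Println("live   teamA:", AllowByLiveLookup(m, tok, "teamA", later))
	fmt.Println("claims teamB:", AllowByClaims(tok, "teamB", later)) // stale deny
	fmt.Println("live   teamB:", AllowByLiveLookup(m, tok, "teamB", later))
}
```

The claim-based check keeps granting teamA for the rest of the token lifetime after removal, while the live lookup reflects both the removal and the new teamB membership without a re-login, at the cost of a membership read per request.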
