Soft logout

[lampholder]

I couldn't find an existing riot web issue for this, but it should be possible to log a user out without obliterating their session.

There's an MSC Proposal for this.

tl;dr you're logged out (can't sync any more or send any messages) but your encryption keys aren't blown away, and you can recover access to your current session by typing in your password.

UX to follow.

[lampholder]

As a strawman, how about a UX something like this:

[turt2live]

There's the concern of users seeing errors all over the place regarding connectivity (favicon, title, status bar above composer, etc)

[richvdh]

Note that this needs to work correctly for SSO flows.

[lampholder]

Ah yes, it could be fiddly to go through supressing all the usual indicators of Riot panicing about connectivity. Although would it really look that bad I wonder?

[nadonomy]

Considering the user can't sync, it might be more graceful to hide the app UI and provide a UI with the only actions a user can take (export encryption keys? 'hard' logout?).

[richvdh]

on the impl side: we'll need to preserve device_id; I'm hoping the app will be able to remember its device_id and resubmit it with the re-login.

[lampholder]

Considering the user can't sync, it might be more graceful to hide the app UI and provide a UI with the only actions a user can take (export encryption keys? 'hard' logout?).

It was @ara4n's suggestion was to leave the regular UX visible in the background, I think to highlight how tantalisingly close you are to a fully working riot session again. But I think I agree - coupled with @turt2live's concerns about the connectivity warnings shining through the greyed out timeline it risks looking kinda glitchy.

Do we want users to be able to export their encryption keys in this state?

[nadonomy]

Do we want users to be able to export their encryption keys in this state?

If it's possible, it'd be a shame to not let users salvage their keys if they can. Am I correct in thinking they could do a local export, but not engage with server side backup?

[turt2live]

Am I correct in thinking they could do a local export, but not engage with server side backup?

@nadonomy yes, they can do a local backup (the old style 'export your keys' before signout dialog)

[nadonomy]

From Zeplin: https://zpl.io/a89QL5x

(Easily missed) comments from Zeplin:

• 'clear all' should lead the user to a confirmation modal to prevent accidental misclicks
• 'Sign In' should lead the user to the sign in flow, with as much info pre-filled as we can (mxid, server)

[turt2live]

I've split this out to several issues to better track progress:

• Show the page
• Prefill login
• Redirect when soft logged out
• Avoid overwriting sessions
• Test using SSO
• Test against Synapse
• and more: https://github.com/vector-im/riot-web/issues?q=is%3Aissue+is%3Aopen+label%3Afeature%3Asoftlogout

[nadonomy]

We had an internal meeting today with several riot/encryption stakeholders and surmised the following:

• Keys are as vulnerable to 'evil maid' attacks via localStorage infiltration, so gating key export behind auth would provide a false sense of security, so we decided against doing so.
• We re-laid out the sections by user intention ("I don't want to sign in" & "Sign in") rather than by mechanic, as it improves the user experience for non technical users.
• The client knows whether or not (a) the user had server side key backup enabled (b) if they did, whether any local keys aren't backed up. Therefore, there are now 2 variants for when a user has all their keys backed up or not.

The latest changes are reflected in Zeplin here: https://zpl.io/a89QL5x
For posterity, full minutes from the sync are also here.

@turt2live I'm adding these notes to #10235, are there any other issues that should be updated based on this?

[turt2live]

Thanks @nadonomy - the comments on #10235 should be enough. I've also put a checklist there to track the bits that need to be done.

[nadonomy]

@turt2live Zeplin is now updated based on the latest requirements: https://zpl.io/a89QL5x

(will also x-post this to #10235)