Enable feature-flagged use of OAuth login in client #313

Closed
robertknight opened this issue Jun 6, 2017 · 3 comments

robertknight commented Jun 6, 2017

Enable OAuth-based login for the client behind a feature flag. Since the user is not logged in to the client at the point when the client needs to decide which path to use, the client's regular feature-flag infrastructure cannot be used. Instead this feature flag will be activated based on the user's session cookie when app.html is requested for the embedded client.

If the OAuth login flag is enabled for the user, a configuration flag will be set in app.html which makes the client use the OAuth authorization flow instead of the cookie-based auth flow.

Current proposal

  1. For the embed, use the normal feature-flagging infrastructure. Only the state for the "Everyone" group will matter since the "Login" button's behaviour only changes when logged out.
  2. Add an experimental option to the extension which overrides the default state of this feature flag, thus enabling interested users to test this out on production before we enable it for everyone.
  3. When the client starts, if stored OAuth tokens already exist, then the client will assume the feature flag is enabled and use them. In other words, the feature flag only changes behaviour if the user is logged out.
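
The start-up decision in the "Current proposal" list above, written out as an added example (not code from the Hypothesis client or from this issue). All function, parameter and storage-key names are hypothetical; it assumes the extension option is a boolean that can force the flag on or off, and that unreadable stored tokens are treated as absent.

```javascript
// All names here are hypothetical; they model the proposal's three rules
// and are not taken from the Hypothesis client.
const OAUTH = 'oauth';
const COOKIE = 'cookie';

// Assumption: tokens are stored as JSON under one key. Anything that is not
// an object with a non-empty string accessToken counts as "no tokens", so
// corrupted storage cannot force the OAuth path.
function readStoredTokens(storage, key = 'example.oauth.tokens') {
  const raw = storage.getItem(key);
  if (typeof raw !== 'string') {
    return null;
  }
  try {
    const tokens = JSON.parse(raw);
    const valid = tokens !== null && typeof tokens === 'object' &&
      typeof tokens.accessToken === 'string' && tokens.accessToken.length > 0;
    return valid ? tokens : null;
  } catch (err) {
    return null;
  }
}

// Decide which login flow a starting client uses.
//   everyoneFlag      - flag state for the "Everyone" group (item 1)
//   extensionOverride - boolean from the extension's experimental option,
//                       or undefined when the user has not set it (item 2)
//   storage           - object with getItem(), e.g. localStorage (item 3)
function selectAuthFlow({ everyoneFlag, extensionOverride, storage }) {
  // Item 3: existing tokens win, so the flag only matters when logged out.
  if (readStoredTokens(storage) !== null) {
    return OAUTH;
  }
  // Item 2: an explicit extension setting overrides the default state.
  if (typeof extensionOverride === 'boolean') {
    return extensionOverride ? OAUTH : COOKIE;
  }
  // Item 1: otherwise use the "Everyone" flag state.
  return everyoneFlag === true ? OAUTH : COOKIE;
}

// Constructed in-memory stand-in for localStorage.
function fakeStorage(entries = {}) {
  return { getItem: (k) => (k in entries ? entries[k] : null) };
}
```
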
@robertknight

During a backlog refinement session we noted that this could be confusing due to the way that logging out of the client also logs you out of the web service - and therefore will affect your identity-based-on-session when fetching app.html. Slack discussion.

@robertknight

@fatbusinessman proposed that we add a local feature flag to the client in the extension's options panel as an "Experimental" option. I'm good with this. Meanwhile for local development we can just use the normal feature flag infrastructure but be limited to using the "Everyone" flag to turn it on or off for everyone.

See https://hypothes-is.slack.com/archives/C5JB5AL11/p1497448370168893

@robertknight

Nick suggested one other option which would be to have a URL fragment token activate the feature flag if present when the client loads.
