-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable feature-flagged use of OAuth login in client #313
Comments
During a backlog refinement session we noted that this could be confusing due to the way that logging out of the client also logs you out of the web service - and therefore will affect your identity-based-on-session when fetching app.html. Slack discussion. |
@fatbusinessman proposed that we had a local feature flag to the client in the extension's options panel as an "Experimental" option. I'm good with this. Meanwhile for local development we can just use the normal feature flag infrastructure but be limited to using the "Everyone" flag to turn it on or off for everyone. See https://hypothes-is.slack.com/archives/C5JB5AL11/p1497448370168893 |
Nick suggested one other option which would be to have a URL fragment token activate the feature flag if present when the client loads. |
Enable OAuth-based login for the client behind a feature flag. Since the user is not logged in to the client at the point when the client needs to decide which path to use, the client's regular feature-flag infrastructure cannot be used. Instead this feature flag will be activated based on the user's session cookie when
app.html
is requested for the embedded client.If the OAuth login flag is enabled for the user, a configuration flag will be set in
app.html
which makes the client use the OAuth authorization flow instead of the cookie-based auth flow.Current proposal
The text was updated successfully, but these errors were encountered: