Background
We want users running in browsers with restrictive policies on third-party cookies (most notably Safari) to be able to log into the Hypothesis client without having visited the hypothes.is domain in their current browser.
Some further context on the problems we’re solving.
Proposed user flow
If the user is not already logged in on the hypothes.is domain, a popup window opens, asking them to log in
If the user is logged in on the hypothes.is domain, the popup immediately closes, returning a token to the client and logging them in
Technical considerations
Because we are initially implementing this only for known clients, we can rely on the postMessage API and not implement the OAuth redirect flow for now.
We’re planning to feature-flag this for both the browser extension and embedded clients. One option for feature-flagging in the browser extension is to add a new configuration option into the extension’s options panel, marked as experimental.
Further details are in the technical design document.
Implementation checklist
(Further items to be added as we come across them.)
localStorage?)
Additional notes
This ticket was extracted from parts of #310, #311, #313, #314 and #315, taking a minimum useful slice of functionality from each.
This is a part of the functionality expressed in #159, namely “provide an OAuth-based method for logging into Hypothesis”.
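The popup-to-client token handoff over postMessage described under "Technical considerations", as an added example that is not part of the original issue or the Hypothesis code base. The message shape, the function names and the client origin are assumptions, and https://hypothes.is is assumed to be the popup's origin.

```javascript
// Added illustration: message shape, function names and origins are assumptions.
const AUTH_ORIGIN = 'https://hypothes.is'; // assumed origin of the login popup
const KNOWN_CLIENT_ORIGINS = new Set(['https://client.example']); // constructed allowlist

// Popup side: hand the token only to an allowlisted ("known") client origin.
function sendTokenToOpener(opener, clientOrigin, token, state) {
  if (!KNOWN_CLIENT_ORIGINS.has(clientOrigin)) {
    return false; // unknown client: never post the token
  }
  // Explicit targetOrigin (never '*'): the browser drops the message if the
  // opener has navigated to a different origin in the meantime.
  opener.postMessage({ type: 'authorization_response', token, state }, clientOrigin);
  return true;
}

// Client side: build a 'message' handler that accepts exactly one valid reply.
function createTokenReceiver({ popup, expectedState, onToken }) {
  let done = false;
  return function onMessage(event) {
    if (done) return false;                         // a token was already accepted
    if (event.origin !== AUTH_ORIGIN) return false; // sender must be the auth service
    if (event.source !== popup) return false;       // and must be the window we opened
    const data = event.data;
    if (!data || data.type !== 'authorization_response') return false;
    if (data.state !== expectedState) return false; // binds the reply to this login attempt
    if (typeof data.token !== 'string' || data.token === '') return false;
    done = true;
    onToken(data.token);
    return true;
  };
}

// Browser wiring (hypothetical names; the popup URL is left to the caller):
//   const state = crypto.randomUUID();
//   const popup = window.open(loginUrl, 'login', 'width=400,height=500');
//   window.addEventListener('message',
//     createTokenReceiver({ popup, expectedState: state, onToken: saveToken }));
```

The handler returns a boolean only so that the checks can be exercised outside a browser; the event listener ignores it.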