Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Canvas users have to manually create and activate Hypothesis accounts #342
Currently users of the Canvas app need to create their own Hypothesis accounts manually. This means manually creating a unique username, giving an email address, manually creating and remembering a password, and verifying the given email address by clicking on a link that we email to it. You can't login to your Hypothesis account until you've verified your email address. Sometimes the verification emails don't arrive (or go into spam folders etc).
For classrooms using Canvas creating accounts can be particularly onerous as the teacher has to get every student through the account creation process successfully before they can begin a Hypothesis annotation assignment.
I also imagine there might be trouble identifying students, given that they can choose any Hypothesis username they want and this may not match their real name or Canvas username.
There are some other parts of the Canvas app that are awkward with usernames too (see the various Google docs and screencasts, TODO: list the particular problems here).
Possible ways around this dependency
We considered but rejected a few workarounds that would allow us to deliver Canvas account integration without also having to deliver #341 at the same time:
First-party or third-party accounts?
Automatically creating and logging in to first-party accounts for Canvas users would mean that they could continue to have the Hypothesis experience they have now (the Public group, and ability to manually create and join private groups, and activity pages, etc) and then we could solve the problem of automatically creating private groups for Canvas courses later.
But auto-creating first-party accounts has a lot of issues. You can't have two different first-party accounts with the same username, or with the same email address, and someone might have already manually created an account with the same username and/or email address as the one we want to automatically create an account with. If an account already exists we don't know if it was created automatically by Canvas or manually by a user, and we don't know whether that user is really the same person who's currently using us via Canvas, etc.
Creating third-party accounts for Canvas users, as we do for eLife users, avoids this problem. You can have a third-party account with the same username and/or email address as an existing, manually created first-party account, that's not a problem. And we know that all Canvas third-party accounts were created automatically by the Canvas app. But third-party accounts lose access to the Public group, manual private groups, activity pages, etc etc. This seems to mean that we need to solve the #341 issue for Canvas users if we want to create third-party accounts for them.
When the Hypothesis client is launched within Canvas:
TODO: Insert explanation of authorities in Hypothesis.
Issues with the suggested solution
User who already have Hypothesis accounts won't be able to use them in Canvas anymore. They will still be able to use those accounts on the https://hypothes.is website and to annotate pages using the Chrome extension, but they won't be able to use to those accounts within Canvas.
There are existing users who've manually created normal, first-party Hypothesis accounts and have/are using them with Hypothesis inside Canvas. If, whenever Hypothesis is launched within Canvas, we automatically log the user in to an automatically generated third-party account based on their Canvas account, then the user will not be able to use any existing first-party Hypothesis account inside Canvas anymore. Just like you can't use Hypothesis accounts on eLife.
I don't think there's any easy way for us to allow existing accounts to be used or to link existing accounts to Canvas accounts. You can imagine ways that this might work but they'd involve user interaction and a lot more implementation work.
We do however already have a plan to allow a user to be logged in to multiple accounts at once in the future, this may solve this problem for us: #298.
Canvas users won't be able to view activity pages or other pages on the https://hypothes.is/ website including user pages, group pages, creating new private groups, joining existing private groups, the account settings page, the stream.
Various small changes will be needed to the client. Whenever you login with a third-party account the client currently does a handful of things that're only appropriate for publisher group / eLife accounts. We'd have to design and implement correct behaviours for each of these for Canvas. The difficult part of this is that we're going to want one set of behaviours for eLife / publisher groups, and another for Canvas (and another for first-party accounts), so the client no longer needs to just distinguish between first- and third-party accounts, it now needs to distinguish between publisher accounts and Canvas: