User registration using social network and Google

[indyjo]

Users should register in order to be eligible to redeem coupons. Therefore, associating a user with a social network ID should be mandatory.

• The workflow should begin in two places:
  • (Latzer: In the Blender add-on: A web UI should pop up by press of a button in Blender.)
  • In the "Account" tab of the web UI.
• In both cases, it would be preferrable to have the HTML delivered by the BitWrk service and not directly by the BitWrk client
  • This means that we can adapt the workflow after a BitWrk client version has been released.
  • This also means that we need to have a mechanism for setting an authorization cookie in the BitWrk client's web UI
  • During the interaction with the Bitwrk service (while registering with a social network), this authorization cookie enables the BitWrk service to make modifying transactions on behalf of the user
  • This authentication mechanism could be the base for future web-based workflows, such as managing coupons (not part of this task, just a thought)
• User registration should at least support:
  • Google
  • LinkedIn
  • Facebook, Blender Cloud?

User registration is helpful in preventing people from creating a lot of fake accounts and redeeming coupons on those. Also, user registration could provide a means for recovering a lost private key (or better: serve as an alternative authentication method).

Q: How would the BitWrk client request an authorization token?
A: Suggested API: BiTWrk client would POST to /authtoken, provide signature(nonce|participantid)

Q: How would the authorization token become a cooke for domain bitwrk.appspot.com?
A: Suggested solution like in this StackOverflow answer:

• Either embed an <img> in the BitWrk client's UI that has the auth token in its URL
• or append the auth token to the workflow URL
  In both cases, query parameters would be used to communicate an authentication token. The BitWrk service would then validate the received token and, if validation was successful, set the corresponding cookie. Care must be taken not to leak the auth token in referer URLs.