Prompt users each time before sending data to an Identity Server that doesn't have a terms of service (unless you have actively set that IS in your account data). #10557

Open
lampholder opened this issue Aug 14, 2019 · 1 comment

Comments

@lampholder
Member

commented Aug 14, 2019

No description provided.

@lampholder lampholder changed the title Prompt users before using an Identity Server that doesn't have a terms of service. Prompt users each time before sending data to an Identity Server that doesn't have a terms of service (unless you have actively set that IS in your account data). Aug 30, 2019
@lampholder

Member Author

commented Aug 30, 2019

At the end of phase 1, all Riot clients (mobile and web) will pick the identity server they are going to try and use based on the following order of preference:

  1. the IS set in the user's account data
  2. the IS provided by the .well-known lookup that occurred at login
  3. the IS provided by the app config file

This is only the IS the client will try and use - at the end of phase 1 Riot will only be able to send data to the IS if either:

  • the IS does not expose terms of service, or
  • the user has read and accepted the terms of service

This order of preference potentially raises some edge cases - fundamentally, if you don't set your own IS in account data, the IS you use will be dictated each session by forces outside of your span of control. If you log in whilst your homeserver's .well-known is offline (assuming you jump through the hoops to configure the Riot instance to log in despite the absence of the .well-known), you will default to the app's config. Or if your homeserver doesn't serve a .well-known and you log into a different hosted Riot instance with a different IS configured as default, you'll use that instead of the one you were using previously.

Chatting this through with @turt2live and @jryans, we concluded that these edge cases were very unlikely to occur, and the only real gap they presented was that, if the new default IS didn't expose terms, you might start sending data to it without realising.

So, the conclusion was this issue - each time, before sending data to an IS that came from either .well-known or app config, if there are no terms to consent to, just warn the user with a pop-up.

In the very rare cases where somebody does want to keep using an IS with no terms, they can make an active choice to add it to their account data, after which Riot will shut up and stop warning them.

@jryans jryans added this to Up Next in Workflow Oct 8, 2019
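
The selection order and the consent gate described in the comment above can be sketched as follows. This is an added example, not Riot's code and not part of the original issue; the function names, the shape of the inputs and the example.org URLs are all assumptions made for illustration.

```javascript
// Added illustration (hypothetical names throughout, not Riot's implementation).
// Order of preference from the issue: account data, then .well-known, then app config.
const SOURCE_ORDER = ["accountData", "wellKnown", "appConfig"];

// candidates: { accountData?: url, wellKnown?: url, appConfig?: url }
function pickIdentityServer(candidates) {
  for (const source of SOURCE_ORDER) {
    if (candidates[source]) return { url: candidates[source], source };
  }
  return null; // no IS available from any source
}

// Decide what must happen before any data is sent to the chosen IS.
// termsUrls: terms documents the IS exposes (empty array if it exposes none).
// acceptedUrls: Set of terms documents the user has already accepted.
function gateBeforeSend(chosen, termsUrls, acceptedUrls) {
  if (!chosen) return { action: "block", pending: [] };
  if (termsUrls.length > 0) {
    // Terms exist: data may only flow once every document is accepted.
    const pending = termsUrls.filter((u) => !acceptedUrls.has(u));
    return pending.length === 0
      ? { action: "send", pending }
      : { action: "require-terms", pending };
  }
  // No terms to consent to. Only an IS the user actively stored in account
  // data is used silently; one that arrived via .well-known or app config
  // triggers a warning every time, because this function keeps no state.
  return chosen.source === "accountData"
    ? { action: "send", pending: [] }
    : { action: "warn", pending: [] };
}

// Constructed scenario: the homeserver's .well-known is offline at login, so
// the client falls back to the app config IS, which exposes no terms.
const fallback = pickIdentityServer({
  accountData: null,
  wellKnown: null, // lookup failed
  appConfig: "https://is.example.org",
});
console.log(fallback.source, gateBeforeSend(fallback, [], new Set()).action);

// Same server after the user actively saves it to account data: no warning.
const chosenByUser = pickIdentityServer({ accountData: "https://is.example.org" });
console.log(chosenByUser.source, gateBeforeSend(chosenByUser, [], new Set()).action);
```
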