Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: OAuth login flow #1707

Merged
merged 7 commits into from
Oct 25, 2021
Merged

fix: OAuth login flow #1707

merged 7 commits into from
Oct 25, 2021

Conversation

dpgaspar
Copy link
Owner

@dpgaspar dpgaspar commented Oct 4, 2021
edited
Loading

Description

Since #1618 that, when there's only an OAuth2 provider the user is redirected directly to the provider Auth flow. This is nice but unfortunately makes it impossible for the user to completely signoff from the application.

This PR disables the automatic signin but simplifies the auth flow for OAuth, users are no longer required to choose a provider and then click Signin, that caused confusion even more when there's only one provider.
Current flow just renders a Sigin for each provider that the user chooses, one step only.

Also removed the register option since it was not needed. If AUTH_USER_REGISTRATION is True the sigin automatically registers the user.

Before:

Screenshot 2021-10-04 at 15 22 19

After, with just one provider:

Screenshot 2021-10-04 at 15 19 12

After, with multiple providers:

Screenshot 2021-10-04 at 15 21 03

ADDITIONAL INFORMATION

@codecov
Copy link

codecov bot commented Oct 4, 2021
edited
Loading

Codecov Report

Merging #1707 (7c074a3) into master (fdf5784) will increase coverage by 0.12%.
The diff coverage is 93.33%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1707      +/-   ##
==========================================
+ Coverage   76.67%   76.80%   +0.12%     
==========================================
  Files          55       56       +1     
  Lines        8091     8114      +23     
==========================================
+ Hits         6204     6232      +28     
+ Misses       1887     1882       -5
Flag Coverage Δ
python 76.80% <93.33%> (+0.12%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
flask_appbuilder/security/views.py 62.88% <50.00%> (+0.85%) ⬆️
flask_appbuilder/security/api.py 90.69% <89.47%> (+6.97%) ⬆️
flask_appbuilder/security/schemas.py 95.00% <95.00%> (ø)
flask_appbuilder/__init__.py 100.00% <100.00%> (ø)
flask_appbuilder/security/manager.py 75.59% <100.00%> (+0.21%) ⬆️
flask_appbuilder/fields.py 59.28% <0.00%> (-1.43%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4f7ca85...7c074a3. Read the comment docs.

@dpgaspar dpgaspar marked this pull request as ready for review October 4, 2021 14:29
@dpgaspar dpgaspar mentioned this pull request Oct 4, 2021
Closed
@shawnzhu
Copy link
Contributor

shawnzhu commented Oct 4, 2021

@dpgaspar I like this change because:

  1. it improves the sign-in flow for users who use OAuth2 provider(s), just like any other websites supports social login buttons.
  2. make the oauth2 provider name explicit
  3. could log out users (by redirecting back to the sign in page).

Removal of the Register button makes sense. Since people will take it as alternative of OAuth2 provider which is not the case at all when using AUTH_TYPE = OAUTH2_AUTH

@shawnzhu
Copy link
Contributor

shawnzhu commented Oct 4, 2021

The only comments from me is this is a break change of sign in UX (no more auto sign-in, new Sign in with xxx 🥳 button) which needs to be documented, so I assume there will be documentation change as well (happy to help if needed!)

@shawnzhu
Copy link
Contributor

@dpgaspar Thanks for making this change, may I ask when this PR can be merged?

@dpgaspar
Copy link
Owner Author

@shawnzhu sorry about this, lot's of other priorities, kind of undecided where to place docs to alert user's on the breaking UI change. What do you think about placing it on the docs/auth and creating a notice on README with a link to the docs?

@shawnzhu
Copy link
Contributor

Yes, a notice in the authentication section would be good enough for me. Since merged changes will show up in release notes, this PR is already a good way to communicate break change.

@dpgaspar
Copy link
Owner Author

Merged, planning on making the release this week (3.4.0)

@shawnzhu Thank you for you help

@dpgaspar dpgaspar merged commit a1a4f80 into master Oct 25, 2021
@dpgaspar dpgaspar deleted the fix/oauth-login-flow branch October 25, 2021 09:03
@shawnzhu
Copy link
Contributor

Just tried this feature from v3.4.0, works great and thank you @dpgaspar !

@dpgaspar
Copy link
Owner Author

that's great, thank you for ALL your help, really appreciated

@gnought gnought mentioned this pull request Nov 13, 2021
Closed
9 tasks
@villebro villebro mentioned this pull request Nov 19, 2021
Merged
@kamalkeshavani-aiinside kamalkeshavani-aiinside mentioned this pull request Feb 4, 2022
Closed
@rimolive rimolive mentioned this pull request Mar 31, 2022
Merged
@mgorsk1
Copy link

mgorsk1 commented Aug 29, 2022
edited
Loading

I just dug out this PR as this change has influenced our user flow. I wonder whether this is something community would consider bringing back but maybe as a opt-in behavior? I am happy to contribute the PR.

cc @shawnzhu

@dkalamar dkalamar mentioned this pull request Sep 30, 2023
Merged
6 tasks
@oldchurch12 oldchurch12 mentioned this pull request Apr 4, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dpgaspar @shawnzhu @mgorsk1