lfai / model_openness_tool

Model Openness Tool
MIT License

Login doesn't provide for entering a different user id/password #14

Open lehors opened 3 weeks ago

lehors commented 3 weeks ago

Apparently when you have logged into the system once, the next time you click login you get directly into the system with no ability to enter different credentials. Even logging out doesn't make any difference. Clicking login again gets you straight back in with the same credentials.

isitopenai commented 3 weeks ago

The login system (using the Login link in the main navigation) on the production instance is tied to a GitHub OAuth app. This requires a GitHub API client ID and secret key, which are not stored in the MOT repository for security reasons. When you log in via GitHub, a Drupal account is created and linked to your authorized GitHub account. Any subsequent logins will automatically use your linked GitHub credentials. If you wish to use a different account, you must revoke authorization under Settings -> Applications -> Authorized OAuth Apps in GitHub.

For a local instance, users should log in at http(s)://<local_url>/user, where a local Drupal username and password can be used each time.

We might want to consider reworking the Login navigation link for local instances by implementing an environment variable to detect whether the instance is local or production.

lehors commented 3 weeks ago

Thanks for the background, but clearly that's not very user friendly. Even if an authentication token is used, the user should be prompted for their user id so that they can enter a different one if they want to.

gregcube commented 3 weeks ago

I believe this is just how GitHub OAuth works. If the user wants to use a different user id, they need to log out of GitHub, or switch their GitHub account, then log into MOT again to authorize the OAuth app for that account.

Perhaps on MOT logout we can destroy the authorization token on GitHub so with each and every MOT login they need to reauthorize the OAuth app, at which stage they can select whatever GitHub account they want to use if they have more than one. I'll dig into this more.
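
The revoke-on-logout idea from the last comment, sketched against GitHub's "delete an app authorization" REST endpoint; this is an added example, not part of the thread or of MOT's code, and it uses Python only to show the HTTP call (MOT itself is Drupal). The function names and the `GITHUB_CLIENT_ID` / `GITHUB_CLIENT_SECRET` environment variable names are assumptions.

```python
import base64
import json
import os
import urllib.request

GITHUB_API = "https://api.github.com"


def build_revoke_grant_request(client_id, client_secret, access_token):
    """Build (not send) the request that deletes this user's grant for the OAuth app."""
    if not (client_id and client_secret and access_token):
        raise ValueError("client_id, client_secret and access_token are all required")
    # The endpoint authenticates the application, not the user: HTTP Basic
    # with client_id as the username and client_secret as the password.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        url=f"{GITHUB_API}/applications/{client_id}/grant",
        method="DELETE",
        # The user's token travels in the JSON body, never in the URL.
        data=json.dumps({"access_token": access_token}).encode(),
        headers={
            "Authorization": f"Basic {basic}",
            "Accept": "application/vnd.github+json",
            "Content-Type": "application/json",
        },
    )


def revoke_grant_on_logout(access_token, opener=urllib.request.urlopen):
    """Call from the logout handler; returns True when GitHub answers 204 No Content."""
    req = build_revoke_grant_request(
        # Assumed variable names; the secret stays out of the repository.
        os.environ.get("GITHUB_CLIENT_ID"),
        os.environ.get("GITHUB_CLIENT_SECRET"),
        access_token,
    )
    with opener(req, timeout=10) as resp:
        return resp.status == 204
```

Deleting the grant removes the app from the user's Authorized OAuth Apps list, so the next login goes through the authorization screen again.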