deft/notes/iroh_auth_ui_enhancements.org

:PROPERTIES:
:ID:       fe9118f2-3cf1-4a9c-b97d-d5d58f9d0769
:END:
#+TITLE: IROH Auth UI Enhancements
#+Author: Yann Esposito
#+Date: [2022-04-15]
- tags ::  [[id:91f33b35-6e4e-4213-b214-972ee20722df][Cisco]]
- source ::
- related :: [[id:1208f09c-d37d-4e6b-9110-151f3c6b7d34][Cisco FT SecureX Simplified Registration]]

The new SecureX Registration page will only be visible by user without any
SecureX account.

So once they accept an invitation, create an org or when an org request
access is accepted, this Registration page will not be reachable.

But from the user perspective it makes more sense to still see this
intermediate page to have a place to display the list of pending
invitations and matching orgs (org whose admins use the same email domain address).

So we should present this page not only during the first interaction with
SecureX but also every time the user need to select his account.
We might also take care about presenting this page until there is a full
resolution of invites and matching orgs.

In fact on a more generic idea, the Registration Simplification Feature
team replaced only the ~account-create~ page.
But IROH-Auth generate HTML for the following pages:

- account-create; replaced by the Registration UI
- account-select; when an user select its account (org) between multiple choices
- invite; Confirm to accept the invitation page
- login; login page showing all the login buttons currently partially
  overwritten by SXSO via a routing rule

There are also some OAuth2 specific

- application-grant; OAuth2 authorization page
- device-grant; OAuth2 Application Grant page


The fact that IROH-Auth generate these pages from the backend make it a bit
harder to update the look and feel, and a lot harder to have dynamic
interactions within these pages.

* Account Selection

The first natural page to replace by the Registration UI is the account
selection page.

In fact it was discussed it in detail within the FT Simplify Registration
meeting how the user should not only see the invites but also the Orgs he
could select.

From the backend perspective, we need to revive this issue:
notes/iroh_auth_ui_enhancements.org 2022-04-15 14:52:39 +00:00			`:PROPERTIES:`
			`:ID: fe9118f2-3cf1-4a9c-b97d-d5d58f9d0769`
			`:END:`
			`#+TITLE: IROH Auth UI Enhancements`
			`#+Author: Yann Esposito`
			`#+Date: [2022-04-15]`
			`- tags :: [[id:91f33b35-6e4e-4213-b214-972ee20722df][Cisco]]`
			`- source ::`
			`- related :: [[id:1208f09c-d37d-4e6b-9110-151f3c6b7d34][Cisco FT SecureX Simplified Registration]]`

notes/iroh_auth_ui_enhancements.org 2022-04-15 14:54:48 +00:00			`The new SecureX Registration page will only be visible by user without any`
			`SecureX account.`

			`So once they accept an invitation, create an org or when an org request`
			`access is accepted, this Registration page will not be reachable.`

notes/iroh_auth_ui_enhancements.org 2022-04-15 14:55:53 +00:00			`But from the user perspective it makes more sense to still see this`
			`intermediate page to have a place to display the list of pending`
			`invitations and matching orgs (org whose admins use the same email domain address).`
notes/iroh_auth_ui_enhancements.org 2022-04-15 14:52:39 +00:00
notes/iroh_auth_ui_enhancements.org 2022-04-15 14:55:53 +00:00			`So we should present this page not only during the first interaction with`
notes/iroh_auth_ui_enhancements.org 2022-04-15 14:57:01 +00:00			`SecureX but also every time the user need to select his account.`
			`We might also take care about presenting this page until there is a full`
			`resolution of invites and matching orgs.`
notes/iroh_auth_ui_enhancements.org 2022-04-15 14:58:55 +00:00
notes/iroh_auth_ui_enhancements.org 2022-04-15 15:01:13 +00:00			`In fact on a more generic idea, the Registration Simplification Feature`
			`team replaced only the ~account-create~ page.`
			`But IROH-Auth generate HTML for the following pages:`
notes/iroh_auth_ui_enhancements.org 2022-04-15 14:58:55 +00:00
notes/iroh_auth_ui_enhancements.org 2022-04-15 15:03:22 +00:00			`- account-create; replaced by the Registration UI`
			`- account-select; when an user select its account (org) between multiple choices`
			`- invite; Confirm to accept the invitation page`
			`- login; login page showing all the login buttons currently partially`
			`overwritten by SXSO via a routing rule`

			`There are also some OAuth2 specific`

			`- application-grant; OAuth2 authorization page`
			`- device-grant; OAuth2 Application Grant page`


			`The fact that IROH-Auth generate these pages from the backend make it a bit`
			`harder to update the look and feel, and a lot harder to have dynamic`
			`interactions within these pages.`

			`* Account Selection`

notes/iroh_auth_ui_enhancements.org 2022-04-15 15:05:19 +00:00			`The first natural page to replace by the Registration UI is the account`
			`selection page.`

			`In fact it was discussed it in detail within the FT Simplify Registration`
			`meeting how the user should not only see the invites but also the Orgs he`
			`could select.`

			`From the backend perspective, we need to revive this issue:`