2022-04-15 14:52:39 +00:00
:PROPERTIES:
:ID: fe9118f2-3cf1-4a9c-b97d-d5d58f9d0769
:END:
#+TITLE: IROH Auth UI Enhancements
#+Author: Yann Esposito
#+Date: [2022-04-15]
- tags :: [[id:91f33b35-6e4e-4213-b214-972ee20722df][Cisco]]
- source ::
- related :: [[id:1208f09c-d37d-4e6b-9110-151f3c6b7d34][Cisco FT SecureX Simplified Registration]]

The new SecureX Registration page will only be visible to users without any
SecureX account.
So once they accept an invitation, create an org, or have an org access
request accepted, this Registration page will no longer be reachable.

But from the user's perspective it makes more sense to still see this
intermediate page, as a place to display the list of pending
invitations and matching orgs (orgs whose admins use the same email domain).

So we should present this page not only during the first interaction with
SecureX but also every time the user needs to select his account.
We might also take care to present this page until all invites and
matching orgs are fully resolved.

More generally, the Registration Simplification Feature team replaced only
the ~account-create~ page.
But IROH-Auth generates HTML for the following pages:

- account-create; replaced by the Registration UI
- account-select; when a user selects his account (org) among multiple choices
- invite; page to confirm acceptance of the invitation
- login; login page showing all the login buttons, currently partially
  overwritten by SXSO via a routing rule

There are also some OAuth2-specific pages:

- application-grant; OAuth2 authorization page
- device-grant; OAuth2 Application Grant page

The fact that IROH-Auth generates these pages from the backend makes it a bit
harder to update the look and feel, and a lot harder to have dynamic
interactions within these pages.

* Account Selection

The first natural page to replace with the Registration UI is the account
selection page.

In fact, the FT Simplify Registration meeting discussed in detail how the
user should see not only the invites but also the orgs he could select.

From the backend perspective, we need to add a new endpoint to the IROH Auth SPA API:

#+begin_src
/accounts
#+end_src

This endpoint should provide a list of accounts. Each account will be an
object with:

- SecureX User
- SecureX Org
- A URL such that if the user goes to this URL, he will be redirected with
  this account selected.

Mainly, this endpoint should provide all the data we use while creating the
current account selection page in the backend.

* Invite Confirmation Page

We need to think about how to replace it.

* Login Page

Already partially overwritten by an SXSO page, but this login page sometimes
reappears. So work here might not even be necessary, or perhaps we could
make a proper redirection powered by IROH-Auth. Currently, no code change
was made in IROH to change this page; there is just a rule that redirects
users from =/iroh/iroh-auth/login= to the SXSO-specific SecureX login page.