:PROPERTIES:
:ID:       fe9118f2-3cf1-4a9c-b97d-d5d58f9d0769
:END:
#+TITLE: IROH Auth UI Enhancements
#+Author: Yann Esposito
#+Date: [2022-04-15]

- tags :: [[id:91f33b35-6e4e-4213-b214-972ee20722df][Cisco]]
- source ::
- related :: [[id:1208f09c-d37d-4e6b-9110-151f3c6b7d34][Cisco FT SecureX Simplified Registration]]

The new SecureX Registration page will only be visible to users without any
SecureX account. So once they accept an invitation, create an org, or have an
org access request accepted, this Registration page will no longer be
reachable.

But from the user's perspective it makes more sense to still see this
intermediate page, so there is a place to display the list of pending
invitations and matching orgs (orgs whose admins use the same email domain).

So we should present this page not only during the first interaction with
SecureX but also every time the user needs to select their account. We might
also take care to present this page until there is a full resolution of
invites and matching orgs.

More generally, the Registration Simplification Feature team replaced only the
~account-create~ page. But IROH-Auth generates HTML for the following pages:

- account-create; replaced by the Registration UI
- account-select; when a user selects their account (org) among multiple choices
- invite; the page to confirm accepting an invitation
- login; login page showing all the login buttons, currently partially
  overwritten by SXSO via a routing rule

There are also some OAuth2-specific pages:

- application-grant; OAuth2 authorization page
- device-grant; OAuth2 Application Grant page

The fact that IROH-Auth generates these pages from the backend makes it a bit
harder to update the look and feel, and a lot harder to have dynamic
interactions within these pages.

* Account Selection

The first natural page to replace with the Registration UI is the account
selection page.
In fact, it was discussed in detail in the FT Simplify Registration meeting how the user should see not only the invites but also the orgs they could select. From the backend perspective, we need to revive this issue: