Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Show account linking page for social sign in guest users #2739

Merged
merged 1 commit into from
May 23, 2024
Merged

Show account linking page for social sign in guest users #2739

merged 1 commit into from
May 23, 2024

Conversation

coldlink
Copy link
Member

@coldlink coldlink commented May 23, 2024
edited
Loading

What does this change?

Currently users who are "guest" accounts (i.e users in Okta who are not in the ACTIVE state) get blocked from authenticating with a social identity provider by Okta. Okta returns an error to us with the error=access_denied&error_description=User+status+is+invalid. query parameters, however this error was not being handled correctly, and users were either being show a "Not Found" or "Error" page, which wasn't proving to be great UX.

Ideally we'd rectify the issue when the user authenticates, however all of social authentication happens through Okta, and all we get back from Okta is either a success (user created and authenticated) or failure (something went wrong). We're still investigating how best we should manage this.

For now we should improve the user experience. In Gateway we already have the "Account Linking" failed page for social users for a different purpose (if the user wasn't in the correct group). This page doesn't have social buttons, only email and password, and an error message explaining that we were unable to sign in with social and to use email and password instead.

This PR now handles the specific error correctly, and we also redirect to this account linking denied page. We also expand the error message to suggest reseting their password, or contacting support. We also handle any other OAuth errors using our generic handler.

Screenshot Video

localhost_6006_iframe html_globals=viewport_MOBILE id=pages-signin--social-signin-blocked viewMode=story(iPhone 14 Pro Max) (1)
Screen.Recording.2024-05-23.at.15.42.30.mov

Tested

  • CODE

@coldlink coldlink marked this pull request as ready for review May 23, 2024 14:21
@coldlink coldlink requested a review from a team as a code owner May 23, 2024 14:21
@coldlink coldlink requested review from guardian-ci and removed request for guardian-ci May 23, 2024 14:41
@coldlink coldlink requested review from guardian-ci and removed request for guardian-ci May 23, 2024 14:51
raphaelkabo
raphaelkabo approved these changes May 23, 2024
View reviewed changes
Copy link
Contributor

@raphaelkabo raphaelkabo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🦀 🚫

@coldlink coldlink merged commit e0c9fba into main May 23, 2024
27 checks passed
@coldlink coldlink deleted the mm/social-guest-fix branch May 23, 2024 15:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@raphaelkabo raphaelkabo raphaelkabo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@coldlink @raphaelkabo