HackRU / helpq

💁 an extensible real-time queue application, for mentorship @ hackathons and classrooms
http://ehz.io/HELPq-data
MIT License

do we need mlh login? #8

Closed mjrb closed 6 years ago

mjrb commented 6 years ago

Is LCS good enough for mentors to log in?

hemangandhi commented 6 years ago

Um... sorta. So LCS with MLH login is its own beast. It's not functional enough for you to use yet, I think (see https://github.com/HackRU/lcs/issues/18). We can test it out later. Don't do your very own MLH login if you want LCS, tho... because then we can end up with duplicate users and likely some other user-facing confusion.

So if you want MLH, MLH through LCS is probably for the best. But please wait a bit.

In lieu of this, I had an idea: https://github.com/HackRU/lcs/issues/26

If you really want a bit of confusion, the react frontend is the only complete implementation of LCS login. But there are docs about it: https://github.com/HackRU/lcs/wiki/LCS-API-endpoints#mlhcallback. 10/10 would not recommend.

DonutsInBelly commented 6 years ago

So, MyMLH is a really nice QoL offering for our hackers because it's less work for them to apply. If we were talking about this in terms of Key Performance Indicators (KPIs), I imagine MyMLH helps us increase our conversion rate of viewers to applicants because the user isn't overburdened with having to enter in a bunch of information. Here's the creator's presentation on it: https://www.youtube.com/watch?v=7eZ0EkW_occ

You don't need to write MyMLH through LCS. But it would be preferred that you did.

The whole authorization workflow can be done through the Single Page App with an Implicit Grant.

User Clicks Login with MyMLH on React App > Opens Service Auth Request page > After Allowing the request, User is redirected back to the React App > React app gets an Auth Token from the URL > Update our user object with the user's MLH ID

Of course, this depends on if MyMLH has a state parameter. The state parameter helps verify that the requests are coming from our application. Without this, this method is NOT recommended. The state parameter MAY NOT be documented on the MyMLH documentation, but that doesn't mean it doesn't exist. I've found that some things work, but aren't documented with the service before. You could also ask MLH about it by emailing them at hi@mlh.io.

Resources:
- https://www.oauth.com/oauth2-servers/oauth2-clients/single-page-apps/
- https://my.mlh.io/docs#oauth_flows (On the Implicit Grant with MyMLH)

mjrb commented 6 years ago

That's some great info and is probably more relevant to lcs than helpq and maybe it should be added to HackRU/lcs#26 instead. I was tired last night and thought we may only need lcs login for mentors to login, but since it's no longer a slack bot hackers will also need to login to helpq with MyMLH.

DonutsInBelly commented 6 years ago

Oh sorry, I thought I was looking at lcs. But yes, to answer your question, it's not only relevant for hackers who are receiving help, but for hackers who double as mentors.

TresTres commented 6 years ago

@hemangandhi we should reopen this. To summarize, lots of people were not happy with the idea of putting an auth token into the URL params as we did last semester. With time being a limited resource, and because we cannot find a better alternative, we've been approved to remove MLH login from the front-end entirely this iteration.

I should also make the submission that people also don't think emailing magic links is very secure either, but that's a separate thing entirely.

hemangandhi commented 6 years ago

> I should also make the submission that people also don't think emailing magic links is very secure either, but that's a separate thing entirely.

Who's people?

Also, another bit of information: only half of LCS users ever used MLH to login and of those, many tried to then (on the day of) log in with LCS and then were confused about the MLH log in thing.

So far, the data does not reflect any improvement that MLH provides with its login.