Updated authorization flow. The intention is that both project admins and subjects are able to register their REST account with the rest source authorizer. A token state is used so that state can be persisted between starting a registration and finishing it. If this turns out not to be feasible, the state could be persisted in session storage instead.
- [x] created API
- [x] frontend flow
- [x] add "Link new account" button on the main page
- [x] on the new registration page, add a button to either authorize directly or create a registration link
- [x] create a page that recognises the token and secret parameters and forms a welcome page for a subject
- [x] create a page that thanks the subject for finishing registration, or warns them of errors
- [x] add a registration action to each row of a user that is unauthorized, so unauthorized users can be re-authorized
The API can be used as follows:

1. Press "create user".
2. Select source type, project, user ID, start date and end date. This sends a request to `POST <backend url>/users`.
3. After the user has been created, an account registration request can be created at `POST <backend url>/registrations` with contents

```ts
interface RegistrationCreateRequest {
  userId: String // matches RestSourceUserResponse.id
  persistent?: Boolean // set to true to get a long-living token
}
```
with response (for token `abcdef`)

```http
HTTP 201 Created
Location: <backend url>/registrations/abcdef
```

```ts
interface RegistrationResponse {
  token: String
  secret?: String // only defined if the registration is persistent
  userId: String
  authEndpointUrl?: String // only defined if the registration is not persistent
  expiresAt: Instant
  persistent: Boolean
}
```
The token and secret can be placed in a frontend URL and passed to the backend at a later time, or the `authEndpointUrl` can be used immediately.

If the user created a persistent token, the `authEndpointUrl` can be retrieved with a request to `POST <backend url>/registrations/<token>` with contents

```ts
interface RegistrationRequest {
  secret: String
}
```
and it will return the authorization URL to be used:

When the user is authorized, they will be redirected to `<frontend url>/users:new` with a number of query parameters, including the `state` parameter. To finalize the authentication procedure, call `POST <backend url>/registrations/<state>/authorize` with contents. Alternatively, if the external service does not return the state, store the token in session storage and use that instead.
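As an added illustration of the token state the three registration endpoints operate on (this is not code from this PR or from the rest source authorizer backend), an in-memory model of the rules above: a persistent registration gets a `secret` and no `authEndpointUrl`, a non-persistent one gets the URL right away, the URL is only handed out for the right secret, and the `state` is the token, consumed on authorize. The lifetimes, the URL shape, the `Map` store and the Web Crypto token source are assumptions.

```javascript
// Assumed lifetimes; the PR text does not give the real values.
const SHORT_TTL_MS = 10 * 60 * 1000;          // non-persistent: one browser session
const LONG_TTL_MS = 7 * 24 * 60 * 60 * 1000;  // persistent: link handed to a subject
// Token source: Web Crypto (Node 20+ / browsers); the constructor lets tests inject one.
function randomHex(bytes) {
  const buf = globalThis.crypto.getRandomValues(new Uint8Array(bytes));
  return Array.from(buf, (b) => b.toString(16).padStart(2, "0")).join("");
}
// Length check, then XOR over every character, so response time does not
// reveal how many leading characters of a guessed secret were correct.
function secretsMatch(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}
class RegistrationStore {
  constructor(authBase, { now = () => Date.now(), random = randomHex } = {}) {
    Object.assign(this, { authBase, now, random, byToken: new Map() });
  }
  authUrl(token) { return `${this.authBase}?state=${encodeURIComponent(token)}`; }
  // POST /registrations: persistent -> secret, no URL yet; otherwise URL now, no secret.
  create(userId, persistent = false) {
    const token = this.random(16);
    const reg = { token, userId, persistent,
      expiresAt: this.now() + (persistent ? LONG_TTL_MS : SHORT_TTL_MS) };
    if (persistent) reg.secret = this.random(24); else reg.authEndpointUrl = this.authUrl(token);
    this.byToken.set(token, reg);
    return reg;
  }
  // Unknown or expired tokens are evicted and treated as absent.
  live(token) {
    const reg = this.byToken.get(token);
    if (reg && reg.expiresAt > this.now()) return reg;
    this.byToken.delete(token);
  }
  // POST /registrations/<token> { secret }: persistent registrations only, correct secret only.
  authEndpointUrlFor(token, secret) {
    const reg = this.live(token);
    if (!reg || !reg.persistent || !secretsMatch(reg.secret, String(secret))) return undefined;
    return this.authUrl(token);
  }
  // POST /registrations/<state>/authorize: the state is the token; consume it (single use).
  authorize(state) {
    const reg = this.live(state);
    if (!reg) return undefined;
    this.byToken.delete(state);
    return reg.userId;
  }
}
```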