search

RocketChat / EmbeddedChat

An easy to use full-stack component (ReactJS) embedding Rocket.Chat into your webapp
https://rocketchat.github.io/EmbeddedChat/docs
126 stars 252 forks source link

Support authentication by directly passing access_token and service_name #216

Closed abhinavkrin closed 1 year ago

abhinavkrin commented 1 year ago

Apart from embeddedchat handling the login UI, we can do this automatically if we pass directly the required token. This will help the developer to reuse the token if the user is already logged in to the app.

ghost commented 1 year ago

Automating Login with Token for Improved User Experience

Hello team,

I hope this message finds you well. I would like to propose an enhancement to our app's login process that would significantly improve the user experience while reducing login friction.

Currently, we rely on embeddedchat to handle the login UI, which works well for most scenarios. However, there is an opportunity to further streamline the process by automating it when the user is already logged in to the app. By passing the required token directly, we can skip the login UI and seamlessly authenticate the user, saving them valuable time and effort.

Here's how it would work:

  1. Once the user successfully logs in, we generate a token specific to their session.
  2. We securely store this token on the client side, leveraging mechanisms such as local storage or cookies.
  3. On subsequent visits, we automatically check for the presence and validity of the token.
  4. If the token is valid, we bypass the login UI and authenticate the user automatically.
  5. If the token is invalid or expired, we redirect the user to the login page to reauthenticate.

By implementing this automated login process, we can significantly enhance the user experience, especially for returning users who frequently access our app. They will no longer need to repeatedly enter their credentials, resulting in a more seamless and frictionless interaction.

However, it's important to ensure the security of the token and take appropriate measures to protect it from unauthorized access. We should consider encryption techniques, regular token rotation, and other security best practices to mitigate potential risks.

This enhancement will not only benefit our users but also provide developers with a more efficient way to integrate login functionality into their app flows. They can simply reuse the token if the user is already logged in, reducing the need for additional UI components and simplifying the development process.

I believe this improvement aligns well with our goal of delivering an exceptional user experience, and I recommend considering it for the next pull request.

Please feel free to share your thoughts and provide any feedback you may have.

Best regards, Aravind Akuthota

abhinavkrin commented 1 year ago

Automating Login with Token for Improved User Experience

Hello team,

I hope this message finds you well. I would like to propose an enhancement to our app's login process that would significantly improve the user experience while reducing login friction.

Currently, we rely on embeddedchat to handle the login UI, which works well for most scenarios. However, there is an opportunity to further streamline the process by automating it when the user is already logged in to the app. By passing the required token directly, we can skip the login UI and seamlessly authenticate the user, saving them valuable time and effort.

Here's how it would work:

  1. Once the user successfully logs in, we generate a token specific to their session.
  2. We securely store this token on the client side, leveraging mechanisms such as local storage or cookies.
  3. On subsequent visits, we automatically check for the presence and validity of the token.
  4. If the token is valid, we bypass the login UI and authenticate the user automatically.
  5. If the token is invalid or expired, we redirect the user to the login page to reauthenticate.

By implementing this automated login process, we can significantly enhance the user experience, especially for returning users who frequently access our app. They will no longer need to repeatedly enter their credentials, resulting in a more seamless and frictionless interaction.

However, it's important to ensure the security of the token and take appropriate measures to protect it from unauthorized access. We should consider encryption techniques, regular token rotation, and other security best practices to mitigate potential risks.

This enhancement will not only benefit our users but also provide developers with a more efficient way to integrate login functionality into their app flows. They can simply reuse the token if the user is already logged in, reducing the need for additional UI components and simplifying the development process.

I believe this improvement aligns well with our goal of delivering an exceptional user experience, and I recommend considering it for the next pull request.

Please feel free to share your thoughts and provide any feedback you may have.

Best regards, Aravind Akuthota

Hey, @AravindAkuthota You will be glad to know that this feature would be implemented during this Google Summer of Code 2023 project. Expect a much better and customizable chat component by the end of the GSoC project.