bcgov / cas-reporting

This is for the Clean Growth Digital Services team for work related to reporting.
Apache License 2.0

Login with Registration user #108

Closed pbastia closed 3 months ago

pbastia commented 5 months ago

Description:

As a user, I want to be able to log in (IDIR or BCeID) with my user setup in registration.

Brief description of the work involved, including any user research context or key decisions.

Acceptance Criteria:

Given I am a user of the reporting app
When I am on the landing page of the app
Then I can see a login button

Given I am a user of the reporting app
When I click the login button
Then I am directed through the KC login flow for the registration app

Given I am a user of the reporting app
When I log in
Then I can see a page that is only accessible to logged-in users

Development Checklist:

Definition of Ready (Note: If any of these points are not applicable, mark N/A)

Definition of Done (Note: If any of these points are not applicable, mark N/A)

Blocking

This ticket is blocking #110

Blocked By

This is blocked by #163

Notes:

-

pbastia commented 5 months ago

One question: When a user tries to log in, and they have never been in the registration app, what do we do? Options:

andrea-williams commented 5 months ago

One question: When a user tries to log in, and they have never been in the registration app, what do we do? Options:

  • create a user record in the registration app
  • refuse login and redirect to registration app
  • display a relevant error message with a link to the registration app
  • ...? @patriciarussellCAS @dleard @andrea-williams @mikevespi

In Registration, we have already implemented the logic that as soon as a new user logs in with either IDIR or Business BCeID, a new user record is created. From what I saw in the wireframing party last week, the intention is that our 3 modules will all be asked from the same URL (unless I misunderstood entirely), so there might not be any work required on the reporting side for this... ?

pbastia commented 5 months ago

That would be fantastic! So just hook up to the registration API for the user creation?

dleard commented 5 months ago

I will flag that they will not be able to do anything in the reporting app until they have requested and been given access to an operator in the registration app, so displaying a message or redirecting them may be what we want.

andrea-williams commented 5 months ago

...yessssss? Or maybe not even that? Assuming that users will be accessing the Reporting module from the same url as the Registration module (i.e., industrialemissions.gov.bc.ca), when they go to that link they'll see this page

https://cas-reg-frontend-dev.apps.silver.devops.gov.bc.ca/home

and so would have to log in anyway before they can access anything else. And as soon as a user submits their login, a new user record is created in our DB (assuming there isn't one already for them in there). From what I understand, we'll eventually be replacing the default page after sign in (that right now is the "Registration Dashboard" page) with a more generic home page for all 3 modules.

In Registration we're using next-auth to store user session data, including user id and their app_role, which determines what features they have access to on the frontend, and is used to audit all API requests the user sends. So we could just insert some logic that external users don't see the Reporting module unless they're assigned to an Operator.

mikevespi commented 5 months ago

My understanding is similar to Andrea's. What we've been communicating to the BA is that this is going to feel like a single app to the end user. That should mean login is handled once by a common page, and while it still needs to be figured out what exactly it will look like, there will be some "homepage" that will provide paths to all of the different modules we're building. I think that if we're looking at a solution that involves logging into each module independently, we'll need to sync on this and communicate it to the business area, as well as work on defining more formal scopes for the individual modules.

pbastia commented 5 months ago

Sounds great. We can use the registration landing page and login functions, and only expose login-protected pages as part of the reporting app :)

pbastia commented 4 months ago

Since we're not sharing login yet, we might want to investigate how to build both frontends and have a login page for each.