casdoor / casdoor

An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, RADIUS, Google Workspace, Active Directory and Kerberos
https://casdoor.org
Apache License 2.0

Enforce acceptance of Terms and Conditions for social logins #2975

Open mallipatil opened 4 weeks ago

mallipatil commented 4 weeks ago

Issue: Enforce acceptance of Terms and Conditions for social logins. As per my analysis (for social logins):
• There is no difference between sign-up and sign-in via social login providers/links.
• Acceptance of terms and conditions is not captured.
• A few OAuth providers do not provide application-specific fields; for example, Facebook does share phone numbers via OAuth.

I understand the work-around is having a custom redirect screen in the application to ensure terms-and-conditions acceptance and to collect a few important fields (like username, phone number, country code) to capture user details.

Enhancement request: Possibly add a new optional redirect/new screen with a few customizable fields (i.e., selectable fields present in the sign-up and sign-in screens), so that it can be used for social login redirects and to capture/store data in Casdoor. The user should not be allowed to enter the application if the terms and conditions are not accepted. In my view it is one of the auth flows, and it is better to include it as part of identity management.

casbin-bot commented 4 weeks ago

@tangyang9464 @JalinWang @imp2002

hsluoyz commented 2 weeks ago

See: https://door.casdoor.com/signup

If the user clicks the OAuth icons, show the "Please accept the agreement!" alert error if the box is not checked. After it is checked, OAuth will redirect.


hsluoyz commented 2 weeks ago

@mallipatil for other questions, please create a new issue. One issue is for one question.

mallipatil commented 2 weeks ago

Thank you for considering this request.

Yes, this is correct; I look forward to the release.

As there is no difference between the "sign up & sign-in" process for social logins (OAuth providers), I request that you consider the same functionality on the sign-in page as well. Maybe it is a good idea to add it as a configurable rule, either in the provider button rules or in the agreement rules, so that it is flexible.
