Open abroddrick opened 5 months ago
katypies
commented
1 month ago I've added a high priority and refinement label on this. This would be really great to have for folks who use non-gov emails on their accounts, to help confirm they also have a government-connected email address.
cc: @h-m-f-t - this came out of today's meeting for reviews and one of the open issues that we looked at.
abroddrick
commented
1 month ago What is the refinement label being added for? Are there specific questions/concerns?
katypies
commented
1 month ago Since this is several months old, and isn't part of a current milestone, want to be sure that everything is still how we want to handle this, and also if there are any other considerations before we slot it into a sprint.
Issue description
Some users log in with PIV after receiving a domain invitation but then they don't see the domain in their account. Login.gov is returning the email associated with the PIV at login instead of the one used for their domain invitation so the only solution is for the user to avoid using PIV. One workaround of this would be for us to get all their emails from login.gov and use all those emails when retrieving domain invitations and making that user as having been verified by domain invitation
Acceptance criteria
Additional context
Do not save all_emails on the user object as we don't want to accidentally store personal emails that are put on login.gov's system as backups. This was from a conversation with Cameron in the product channel
Note we currently show how a user is verified and right now a user is marked as verified via a domain invitation only based on their main email. It is important that when a user retrieves a domain invitation for one of their other emails they still get marked as verified by domain invitation if they aren't verified by another means as well (such as a legacy user or via Verified by Staff).
Links to other issues