Open christpet opened 3 years ago
@christpet I updated a few things since this goes beyond the extension use case.
The authentication mechanism will handle current and future use cases:
The extension will need extra product design (interface, etc.) to use authentication; we should track this somewhere else:
created this https://github.com/dis-moi/extension/issues/843
Oh okay fabulous, thank you! Sounds great. I will assign to myself then in order to push for definition.
For future reference:
Other subjects:
https://www.w3.org/TR/activitystreams-core/#model
https://demo.hedgedoc.org/PIO7i42FRCC4xe1TZwSTPA#
About the solution: Do we really need authentication in the extension? In those use cases, as an extension user who wants to contribute, I can authenticate in a webpage directly. Why do I need to authenticate beforehand in the extension? Indeed, really contextual information (current webpage, even the message I started to draft...) can be transferred as filled data in a webpage, without authentication.
Good point @MaartenLMEM, we should be clear that the use case requires authentication in the extension. This is something to discuss with Pierrick and coordinate with the new contrib UI.
Because through this feature all bulles posted will be posted as "drafts", this problem is not too much of a risk.
So then inside this current issue, we can focus on the authentication API for future needs (Bulk contribution, Contributor web interface).
> Good point @MaartenLMEM, we should be clear that the use case requires authentication in the extension. This is something to discuss with Pierrick and coordinate with the new contrib UI. Because through this feature all bulles posted will be posted as "drafts", this problem is not too much of a risk.

=> Yes, currently it's sent from the extension. But tomorrow we can imagine a webpage stage to complete my contribution started in my extension, in context. To summarize, I see two options:
I created issue #332 to tackle step 0 and step 1. And then #333 will follow.
@christpet @prk-dismoi could you take 2 minutes to read this 2016 issue? Concerns raised there are still valid in 2021, at least part of them. I know it's code related but it presents very well some of the challenges we will face when implementing Users, Authentication, Roles and ACLs related code.
This is referring to the conversation we had @lutangar around the new feature described here: https://github.com/dis-moi/backend/pull/161
and here: https://github.com/dis-moi/extension/pull/800
Quick background:
Problem:
If a user posts a contribution with the same email address as an existing contributor account, the post will appear as coming from that contributor. #314
Solution:
We need a way to authenticate the extension user as the contributor. Exactly how we do this needs to be specified. Let's discuss and choose the best way forward here.