search

freeCodeCamp / classroom

BSD 3-Clause "New" or "Revised" License
144 stars 120 forks source link

Add an explicit opt-in step to join Classroom #70

Closed utsab closed 1 year ago

utsab commented 2 years ago

Right now, here is the flow: 1) the student clicks the "join" link.
2) Student is taken to the Join page on the classroom app.
3) Request to the mock API endpoint which returns the uuid

Ideally, after the student clicks the join link, auth0 redirects to freecodecamp.org. The student gives permissions to share information with the classroom app. Student is redirected to the classroom app.

Edit (Mrugesh):

Every user (student) of freeCodeCamp should opt-in to sharing their data with the Classroom app. It requires some development work on the freeCodeCamp (main) project as well. Here is a list of action items that we want to do:

  1. Classroom app gets a verified user from our IdP (which is Auth0) and hands off the request to Classroom's backend API.
  2. The backend API checks with freeCodeCamp API if the user has opted-in for sharing data with the Classroom app (more on this later).
  3. The freeCodeCamp API can respond with status as the case may be.
  4. The Classroom UI app can display a message which is either the user had opted-in already or a link to the settings page on freeCodeCamp where they can check off a box to opt-in.
  5. The Classroom UI and Backend can repeat step 2 as many times as needed to confirm when the user has opted-in.

We'll need to complete Issue #56 before we can work on this issue.

utsab commented 2 years ago

@raisedadead's example Auth0 app would utilize two sets of keys:

raisedadead commented 2 years ago

Hey @utsab

I updated the OP to reflect the actual need for this.

I mulled over this a bit and came up with a workflow that should cover different scenarios and how all the stakeholders like freeCodeCamp API, Classroom UI, Classroom API, and our various IdP (GitHub, Google, Email via Auth0) tie together.

It's best we always define the responsibility of the stakeholders.

While it could be more convenient that a user is taken to freeCodeCamp to opt-in, I think it's better long-term that freeCodeCamp remains agnostic of apps that get built upon its core platforms.

So, I propose a more simple and modular logic in the OP.

Let me know what you think, and we can discuss the specifics in more detail over our next call.

GuillermoFloresV commented 1 year ago

Now being tracked inside of #479