frenck
commented
3 years ago I think this is fine. Should we add an update date or changelog or something to these?
Closed balloob closed 3 years ago
frenck
commented
3 years ago I think this is fine. Should we add an update date or changelog or something to these?
balloob
commented
3 years ago Added a changelog.
amelchio
commented
3 years ago I am fine with the change. However, an ADR should not just document what has been decided but also why.
In #270 webscraping of local devices was rejected. Top arguments included webscraping being a horror that must unconditionally be avoided and the observation that a local website is still a webstite. This document should make it clear to future contributors (and maybe me) why those concerns do not apply to login pages.
The reasoning in the description does not seem to explain it, it sounds more like a contradiction to me:
The problem is not that the API is based on scraping, but that some parts of the login form require extraction of all the form fields.
balloob
commented
3 years ago I've updated the initial comment.
We've seen more and more integrations struggle with ADR004. The problem they struggle with is not that the data fetching is based on scraping, but that some parts of the authentication flow requires extraction of the form fields and their values. Fetching data should happen via an API. We will be more flexible, and hinder less integrations, if we allow integrations to extract forms during the authentication flow.
That's why I want to propose that we amend ADR004 to allow web scraping of forms during the authentication phase. For robustness, integrations should fetch all fields of the form and not individually extract values of fields in the form. These are less likely to change.
Please limit discussion in this PR to this change. Discussing the ADR004 or other amendments is out of scope for this PR. Start a discussion topic instead.