jon-betts
commented
2 years ago Done! We're now storing basic (non identifying) details about users
Closed marcospri closed 2 years ago
jon-betts
commented
2 years ago Done! We're now storing basic (non identifying) details about users
Both
LTIUserandHUserare currentlyNamedTuplemodels but are not persisted on the DBStore all the info currently held at runtime by LTIUser and HUser into one or two DB tables
Related tickets:
What are we going to store?
LTIUser:user_idoauth_consumer_keyandtool_consumer_instance_guid- As application_instance.idrolesdisplay_name- No. Personally identifyingemail- No. Personally identifyingHUser:username- This is the hashed ID. Very importantdisplay_name- No. Personally identifying and redundant - This is the same asLTIUser.display_nameprovider- No. Redundant - This is the same asLTIUser.tool_consumer_instance_guidprovider_unique_id- No. Redundant - This is the same asLTIUser.user_idFinal list:
LTIUser.user_idLTIUser.oauth_consumer_keyandLTIUser.tool_consumer_instance_guidas application idLTIUser.rolesHUser.usernameWhen is user data available?
Users objects are created in three scenarios we've spotted so far:
The first two could probably be intercepted in
h.secutityin a single place?How are we going to store it?
One approach is to simply store the information. This would mean it was available in the DB, but wasn't necessarily available at run time.
Another approach is to make sure the user data is updated and returned for the application to inspect. At the moment this wouldn't result in any information the app doesn't already have. But it would be extremely useful if we chose to add user preferences one day. This could be in a user service which you provide details and it gives you back a user object. As a side effect it also updates the data creating a record. At the moment this "side effect" would be the only effect we are interested in, but it would stage us well in the future.