Closed jon-betts closed 2 years ago
User accounts:
Not much to say, but it does work with some rough edges
The SSO redirect we use will detect the user doesn't have a license and block them. This is despite the fact that in many cases the user would be granted a license if they could make it to the book viewer.
At the moment we work around this by checking if they have a license first and then presenting an error page if they don't. This page contains a link to the viewer where they can fix it, but it doesn't log them in. We could put an SSO redirect link in the page, but it's one time use. Alternatively we could proxy the SSO link through our own API to provide a link that will repeatedly work to get the user logged in.
Pretty much what it says on the tin, but VitalSource have confirmed this is the correct thing to do, as it will
For the XML end-points it's much harder to apply a schema, which is a real pain. This means our error handling is more dodgy. We are also not inspecting the errors we get back for user credentials and we probably should be.
Perhaps we could address this as a part of: https://github.com/hypothesis/lms/issues/4219
It's not really possible to have all the different failure cases be easy to test without writing some fairly intense test harness.
We could stand up a fake version of the VS api locally or something, but it sounds like a lot of work.
I'm going to leave detailed instructions to the tickets that implement the features
We want to streamline the user experience by introducing Vitalsource single sign-on, but we need to de-risk the technical aspects of the problem with a working prototype.
This prototype needs to:
It does not need:
Tasks
Tickets
Questions we are trying to resolve