Hypothesis authentication not working properly with Moodle course sites

[klemay]

This comes from University of Southern Australia via Zendesk ticket 2654. The user has linked to a screencast, but I'll describe here what's happening.

Summary

When using hyp.is links to view annotations made on text pages in Moodle course sites, something goes wrong. For Chrome users, it requires clicking the "Log in" link every time a new page loads and the client opens. For Firefox users, it logs them out of Moodle!

Background

The University of Australia uses Hypothesis to audit/evaluate their online courses. Note: this is not an LMS app use case. They are using the Chrome extension and Bookmarklet in Firefox to annotate text pages in course sites, not documents embedded within those course sites While reviewing a course in Moodle, UofA staff will create annotations to mark changes that need to be made. The workflow is:

Reviewers

• Review a multi-page Moodle course site. Create a Hypothesis annotation (using Chrome extension or FF bookmarklet) in a private group to flag changes that need to be made.
• Copy a link to that annotation using the "Share" button on the annotation card
• Paste the link (a hyp.is bouncer link) into an Excel spreadsheet
• Repeat until entire course has been reviewed
• Share the Excel spreadsheet with UofA staff who will make changes

UofA staff

• Log in to Moodle and navigate to the course site you're about to edit
• Open Excel spreadsheet and click a link to an annotation
• Read annotation; make appropriate changes and mark as complete in Excel spreadsheet

The problem

The first time a UofA staff person opens a hyp.is link, they are prompted to log in to Hypothesis when the sidebar opens, even if they're already logged in within that same browser session. This is not a huge problem, but slightly annoying.

The problematic bit is: Even when navigating to a second hyp.is link within the same course site and browser tab, the user must click "Log in" in the Hypothesis sidebar. They are not required to enter their Hypothesis credentials; all they need to do is click "Log in" and the sidebar will authenticate them. This makes the workflow slower and inconvenient.

For Firefox users, though, clicking "Log in" in the Hypothesis sidebar will log them out of Moodle entirely.

Screencasts of both these scenarios are linked to in the ticket; I do not want to link publicly hear for privacy reasons.

What we know so far

My theory is that this has to do with annotating within the closed-off environment (Moodle). I sent the user 2 links to annotations on publicly viewable Wikipedia articles, and this authentication problem did not happen.

[klemay]

Leaving in the To Review column - we need to test this with other sites hidden behind a login to see if this is Moodle-specific or a wider issue