search

matomo-org / matomo

Empowering People Ethically with the leading open source alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. Liberating Web Analytics. Star us on Github? +1. And we love Pull Requests!
https://matomo.org/
GNU General Public License v3.0
19.87k stars 2.65k forks source link

Create and display a token in the no data screen. #20912

Open jmumby opened 1 year ago

jmumby commented 1 year ago

The no data screen provides all the options to start tracking. A Wordpress user would need to install wp-matomo to track to cloud or an instance that isn't Matomo for Wordpress. This would involve creating a token which would be quite complex for someone completely new to Matomo.

Summary

On the first no data screen under integrations we offer the subdomain URL and idsite. We should also offer a token for the user to use in WP-Matomo directly to remove this barrier to entry.

Current: image

Suggested: image

OR

Current image

Suggested image

michalkleiner commented 1 year ago

Thanks for the suggestion @jmumby. Assigning to PO for prioritisation but I think it's a good enhancement. I suspect this shouldn't have any serious security implications but we may need to consider only showing it if the user would otherwise be able to create the token through the existing means.

sgiehl commented 1 year ago

We can't show the token by default. We would need to do that after clicking a button or similar. Tokens are stored hashed in the database, so it won't be possible to show a previously generated token again. And dynamically generating tokens that might have superuser access isn't good in terms of security.

jmumby commented 1 year ago

A quick fix might be to have a link directly to the token page.

WP-Matomo requires a token you can Create your token here

links to for example https://example.matomo.cloud/index.php?module=UsersManager&action=userSecurity&idSite=1&period=day&date=yesterday#authtokens

AltamashShaikh commented 1 year ago

@jmumby We try to make it simple by directly taking to the token creation page

  1. Enter your password
  2. We get to the token creation UI.

Screenshot from 2023-06-20 17-34-59 Screenshot from 2023-06-20 17-35-37

Stan-vw commented 1 year ago

Perhaps I can alleviate some concern here by mentioning that we're collaborating with the plugin owner to make the Wordpress plugin use SiteID + Matomo URL instead of the Auth token. We will then update the no data screen with these simplified instructions, so there shouldn't be a reference / need for the Auth token anymore in this process.

Adding the Auth token to the Wordpress plugin will still be available under advanced options for some extra functionality, but I believe this won't be needed for most users and the people who want to do this can likely already find the Auth token or follow the FAQ (we can double check the quality of this one if needed).

I don't have an exact ETA but this is pretty high on the priority list.

jmumby commented 1 year ago

I assume in this case it will be simply tracking and not pulling the data back and showing it in the Wordpress UI?

lance-matomo commented 1 year ago

Yea the new default behaviour will to just add tracking so the Auth token won't be a requirement for setup. They will still have the option of adding the auth token if they want to enable all the reporting directly in their wordpress instance via the plugin but we are less interested in that, tracking is our main goal.