mdn / kuma

The project that powers MDN.
https://developer.mozilla.org
Mozilla Public License 2.0

Signup flow broken? #6474

Closed callahad closed 4 years ago

callahad commented 4 years ago

Summary What is the problem?

On Slack, @Pomax reported:

> I'm stuck in a weird signin limbo atm where it wants me to sign up for a username, and won't let me log out from the github-bridged auth because I'm not logged in yet... O_o

We should probably figure out if we can reproduce that and fix it.

peterbe commented 4 years ago

Most probably related: https://bugzilla.mozilla.org/show_bug.cgi?id=1614273

callahad commented 4 years ago

@Pomax do you see any errors in the console when you try to proceed beyond that state?

Pomax commented 4 years ago

The thing is I don't want to proceed at all: I have an MDN account, but apparently not tied to github, so I want to break off the signup flow and instead try to sign in without github.

However, because I clicked the button to sign you up using github, I'm now stuck: there's no "oh no I made a mistake, can we break this flow off" button or link that I can see anywhere =)

peterbe commented 4 years ago

@Pomax You mean a button that does kinda the same effect as closing the tab or clicking back to the home page by clicking the logo in the upper left-hand corner?

Pomax commented 4 years ago

If closing the tab killed this flow, that would be great, but it doesn't: even a day later, after a computer shutdown in the evening and start up in the morning, I still get this "continue signing up because you authed github" screen when I click on "sign in" on the homepage, or the upper right on this screen, too. It somehow remembers it was in the middle of a gauth flow, and now I'm stuck: I can't pick a different sign in method.

So a text link or button like "cancel signup" or "sign in instead" or "sign up via a different provider" would be pretty great to have on this screen, to force-invalidate whatever is causing MDN's sign in to pick up where it left off.

peterbe commented 4 years ago

> So a text link or button like "cancel signup" or "sign in instead" or "sign up via a different provider"

There is no other provider. Only GitHub. (confusingly, we're actually actively working on adding a second provider, Google, but that's not in production yet) After you've authenticated with GitHub, you have to complete the process, which we refer to as "Create your MDN Account". The only reason this can't be automatic is because the "I agree to Mozilla's T&C" has to be deliberate.

But perhaps, what you wanted to do is to "merge" your account with an existing GitHub account you've authenticated with? Or, perhaps you once signed in with Persona. The username pomax is pretty unique, and I see that it's suggesting you have to pick pomax2 as your new username.

I.e. you'd like to authenticate again but you can't because you're stuck between "authentication" and "complete the sign up" :(

Thank you for taking the time @Pomax ! This is really helpful.

If you're desperate, perhaps killing your session cookie with the domain might put you back on the start.

Pomax commented 4 years ago

Right, except during that flow it turns out my account already exists. There is already a Pomax and I can guarantee you that's me.

So I don't want to sign up with github, even though that's the process I'm currently in: I already have at some point in the past signed up, and what I really want to do is sign in with github, so I need to cancel the current flow that's trying to build me a user account. There is literally no way for me to get back to the original "sign in" functionality. I am now trapped in "sign up" and I am obviously not going to make an account with a bonus username tied to my real email address just so I can end this process =)

I'll try an aggressive cookie wipe, but I'm pretty sure github auth allows a backend to invalidate an active negotiation, too, so it might be worth adding that in before I wipe my cookies so you have a live test case.

atopal commented 4 years ago

@Pomax there is no original sign in functionality. GitHub auth is the only option. You might have created a Persona account years ago, but we deactivated Persona accounts in 2016. If you had used the same email address on that old account as you have on your GitHub account, we'd have "merged" them when you used GitHub auth.

Pomax commented 4 years ago

I probably won't have, but the username is now taken thanks to that, so I'd like that back instead of signing up for a new account with a name that isn't mine.

peterbe commented 4 years ago

It's a large and rather complex world but we've gone back and forth on what to do with ex-Persona people. I too used to be called peterbe on Persona and I think I used the old recover UI to be able to get that merged.

The problem is that the old pomax used a different email from the pomax of the GitHub-era. (for the record, the old Pomax username (note the capitalized P) used the mozilla foundation email and he has 1 revision so I can't just delete him for you)

@escattone knows more about the potential options for recovering. Mayhaps a solution would be that, when the default username is taken, we have some business logic that figures out if that account was from the Persona era and if so it can say: "Hmm... Perhaps it was you back in the Persona days. Do you still have access to peterbe@whenpersonawaathing.com? If so click here to get an account merge link sent to you"

Also, all of these problems would go away if we stopped obsessing about username at all in MDN. But for that to be tenable we need to kill the Wiki fully first.

Pomax commented 4 years ago

I'll keep obsessing about username in any system where I had an account before, because that's my name. It's unique enough that if you see that name anywhere online, you can be almost certain that was me.

Automatically migrating to Github when there were no doubt many accounts with emails that (for solid reasons for some) are not tied to Github at all is a decision that, as a user, I don't understand - I'm sure you had well-discussed reasons for it, but also now we're here: all I can tell you is that I'm not signing up "a second time" with a different user name.

It might be a good idea to offer a recovery track for people affected by this change, maybe some "recovery" page where you can fill in your old username, and get an email sent to the associated email address, with instructions on how to kill their old account so they can register anew.

escattone commented 4 years ago

@Pomax Would you be willing to add the email address that you originally used when signing-up to MDN (via Persona) to your GitHub account, at least temporarily? It would have to be verified on GitHub as well. Once that's all done, assuming you're OK with doing that, you could then sign-in to MDN using GitHub and MDN would automatically associate your GitHub account with your existing MDN account.
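The association rule described in the comment above, as an added example (not kuma's code and not part of the comment): link a GitHub identity to an existing account only when GitHub reports a matching address as verified, otherwise fall through to the signup step with a suggested username. `User`, `resolve_login` and `suggest_username` are hypothetical names, and the email records assume the `email`/`verified` fields of GitHub's user-emails API.

```python
from dataclasses import dataclass, field

@dataclass
class User:  # hypothetical stand-in for a site account
    username: str
    email: str
    github_ids: set = field(default_factory=set)

def suggest_username(login, users):
    """Return login, or login2, login3, ... if taken (case-insensitive)."""
    taken = {u.username.lower() for u in users}
    candidate, n = login, 1
    while candidate.lower() in taken:
        n += 1
        candidate = f"{login}{n}"
    return candidate

def resolve_login(users, github_id, login, github_emails):
    """Decide what a completed GitHub authentication means for the site.

    github_emails: list of {"email": str, "verified": bool} dicts.
    Returns ("signin" | "linked", user) or ("signup", suggested_username).
    """
    # 1. GitHub identity already linked: plain sign-in.
    for user in users:
        if github_id in user.github_ids:
            return "signin", user
    # 2. Link only on an address GitHub has verified; an unverified address
    #    proves nothing about who controls the mailbox, so matching on it
    #    would let anyone claim an existing account.
    verified = {e["email"].lower() for e in github_emails if e["verified"]}
    for user in users:
        if user.email.lower() in verified:
            user.github_ids.add(github_id)
            return "linked", user
    # 3. No verified match: the visitor lands on the account-creation step.
    return "signup", suggest_username(login, users)

# Constructed sample data: addresses are placeholders, not real accounts.
OLD = "old@foundation.example"
GH_UNRELATED = [{"email": "new@personal.example", "verified": True}]
GH_UNVERIFIED = GH_UNRELATED + [{"email": OLD, "verified": False}]
GH_VERIFIED = GH_UNRELATED + [{"email": OLD.upper(), "verified": True}]
```

With the constructed data, the unrelated and unverified cases both end at signup with the suggestion `pomax2`, and only the verified case links the existing account.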

escattone commented 4 years ago

@Pomax I could, alternatively, manually add your GitHub email address to your existing MDN account (easy to do), and then you should be able to sign-in via GitHub and your GitHub account would be automatically associated with your existing MDN account.

Pomax commented 4 years ago

I'd certainly prefer the latter, if that's possible

peterbe commented 4 years ago

@escattone How about we rename the usernames of ALL users who have revisions, when they signed in with Persona, and still haven't signed in with GitHub or Google. The old Pomax (Persona) user had 1 revision. It was probably from a very long time ago. We could rename that user's username to pomax__persona and it would free up the username for people now using GitHub and Google.

escattone commented 4 years ago

> @Pomax I could, alternatively, manually add your GitHub email address to your existing MDN account (easy to do), and then you should be able to sign-in via GitHub and your GitHub account would be automatically associated with your existing MDN account.

@Pomax This is done. You should be able to sign-in via GitHub and your GitHub social account will be automatically associated with your existing MDN user account. Cheers.

Pomax commented 4 years ago

Thank you, that worked perfectly. Although I would also second @peterbe's idea, that sounds like a good solution to freeing up usernames for people who maybe contributed in the past but haven't been in a position to do so for a long time, and coming back to MDN now.