search

microsoft / pxt-arcade

Arcade game editor based on Microsoft MakeCode
https://arcade.makecode.com
MIT License
477 stars 206 forks source link

Signing out of GitHub in Arcade affects all browser tabs #2378

Closed eanders-ms closed 4 years ago

eanders-ms commented 4 years ago

Describe the bug In Arcade, with my GitHub account linked, if I sign out using the Arcade gear menu, it will sign me out of GitHub in all browser tabs.

image

To Reproduce

  1. Open two tabs:
    1. Tab 1: The MakeCode Arcade home screen
    2. Tab 2: A GitHub private repo

Tab 1 (Arcade):

  1. Click "Import"
  2. Click "From GitHub Repo"
  3. Authenticate with GitHub
  4. Once authenticated, cancel back to the home screen
  5. From the gear menu, sign out of GitHub

Tab 2 (GitHub):

  1. Refresh the page
  2. Notice the 404 error. You are no longer signed into GitHub in this tab.

Expected behavior GitHub sign-out from Arcade should only affect Arcade, and not affect other tabs.

Desktop

jwunderl commented 4 years ago

Hm, I remember this being intentional; clicking sign out in the gear menu already signs you out on it's own, but pops up the github signout page as well (https://github.com/logout) to give you the option to sign out of github too. The reasoning was that in classrooms, students would think that signing out of makecode would keep them safe -- but since github was still logged in, anyone else could just reauthorize makecode again.

I believe this is a common ish practice with education apps, or at least we had a few other examples like it -- maybe just a little modal that pops up first saying "we're sending you to github to log out there as well!" before redirecting would be good?

eanders-ms commented 4 years ago

I see how that makes sense for classrooms. Signing out of GitHub navigates the user out of Arcade to the GitHub logout page, where they have the option to sign out everywhere else too.