mozilla-iam / auth0-deploy

Rules and hosted pages (lock) used for the Auth0 instances of Mozilla.
Mozilla Public License 2.0

Auth0 Rule - Move error reporting from SSO dashboard to NLX #186

Open gene1wood opened 6 years ago

gene1wood commented 6 years ago

Background

Currently, when an error message needs to be conveyed to the user due to an Auth0 rule, that message is sent in a JWT to the SSO dashboard to be rendered.

Problem

The navigation flow of sending a user from NLX to the SSO dashboard and having to use the back button to get back to the RP isn't ideal. This is currently tracked in SSO dashboard mozilla-iam/sso-dashboard#205 and mozilla/parsys#253 as "improve error page wayfinding".

It's confusing to the user to go to an RP, try to log in and then be sent to a site that they weren't on before (SSO dashboard) and potentially haven't gone to before to see an error message about another site (their RP or the NLX).

Solution

Instead of sending the error to SSO dashboard, send it to NLX. NLX will define a parameter and standard in mozilla-iam/auth0-custom-lock#99 through which to convey the error.

andrewkrug commented 6 years ago

@gene1wood if this moves into the NLX can we still verify the signatures on the error message in the same manner? If so... I'm all for it.

gene1wood commented 6 years ago

@andrewkrug Ya, see the "How to make this safe" section of the associated issue mozilla-iam/auth0-custom-lock#99