Closed cmcavoy closed 11 years ago
With regards to the link with a one-time access code, what happens when the parent clicks on it as opposed to the learner? Does the link go to the same place? Is the parent view and learner view supposed to be the same? This might very well be an iRemix question too.
I think we should provide a different link for the parent. Something that describes the badge, but isn't the claim code link.
Works for me.
Hi,
I am lead developer for iRemix.
To create an account for a user (for notifications) and to use the OpenBadgerAPI v2 we need the user's email address.
If CSOL passes the access code only we will need an API call on OpenBadger API to validate the access code and receive the Email to be able to then call other methods like /v2/user/recommendations on the OpenBadger API v2, as well as awarding badges.
In the https://github.com/mozilla/openbadger/wiki/APIv2 page the link to the JWT spec is broken, is it supposed to be http://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token/ and will a revision version be locked down for CSOL?
Thanks and Regards Mark
Hi Mark, glad to meet you.
> If CSOL passes the access code only we will need an API call on OpenBadger API to validate the access code
Do you think it's possible for iRemix to give us a list of single use access codes? That way, when a user earns the ability to use iRemix, we can use that access code to send them to you.
> receive the Email to be able to then call other methods like /v2/user/recommendations on the OpenBadger API v2, as well as awarding badges.
I'm not sure you'll be using those calls...they're meant for people to find recommendations inside the CSOL system. Once a learner is in iRemix, the idea (as I understand it) is they've completed several levels of badge earning, and have now earned the ability to use the iRemix platform.
Agreed on the call to awarding badges, but that's based on a JWT shared token.
> In the https://github.com/mozilla/openbadger/wiki/APIv2 page the link to the JWT spec is broken, is it supposed to be http://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token/ and will a revision version be locked down for CSOL?
Sorry about the broken link, we'll fix it up. I'm not sure which version of the spec we'll pin for CSOL, but yes - we'll pick a version and stick to it.
Re: API recommendations call -
@cmcavoy What we need to figure out is how to know either what a user has done or what has been recommended to them based on their CSOL participation so far. This is necessary to target what challenge content is presented to them when they come to iRemix. So if I've done X, Y & Z activities on the CSOL site and that led to me being recommended the ABC challenge badge (that sits in iRemix), iRemix ideally needs to know this.
This allows us to leverage our internal functions for recommended badges & challenges, dashboards, etc. We need to know what to direct users to based on their previous badge activity.
We saw the recommendations call and thought that'd give us what we needed to do so.
So yes, they'd have done X, Y & Z in CSOL system to earn access to iRemix. Our need is to be able to present challenge content to them that accounts for what they've already accomplished.
-Akili
@rl Will iRemix challenges not be mapped to the earning of the S-T-E-A-M badges? Will that not be the criteria for triggering recommendations for challenges? We understand that there can be holes in this method since the city level badges do not provide in detail the granular sets of badges undertaken to earn the city level S-T-E-A-M badge but I believe this had been the previously agreed upon handover from CSOL to iRemix.
We would prefer to map to the earning of specific entry badges and not to STEAM badge in general as what falls in a STEAM category is so general. For example, we would want a kid tackling a programming challenge to have earned a programming related entry badge as opposed to just a general Technology STEAM badge.
We are willing to do the mapping.
Is the question around the pushing/pulling of badge info from Mozilla to iRemix to support notification of relevant challenges? Given an API has to exist for iRemix to know which STEAM badges a youth has gotten, I assume we would use this API to determine which specific entry badges a youth has gotten.
On Wednesday, April 24, 2013, threeqube wrote:
> @rl Will iRemix challenges not be mapped to the earning of the S-T-E-A-M badges? Will that not be the criteria for triggering recommendations for challenges? We understand that there can be holes in this method since the city level badges do not provide in detail the granular sets of badges undertaken to earn the city level S-T-E-A-M badge but I believe this had been the previously agreed upon handover from CSOL to iRemix.
Nichole D Pinkard, PhD Associate Professor College of Computing and Digital Media DePaul University
Founder, Digital Youth Network www.digitalyouthnetwork.org
> Do you think it's possible for iRemix to give us a list of single use access codes? That way, when a user earns the ability to use iRemix, we can use that access code to send them to you.
By what mechanism will you need them, a big CSV file?
A one to one mapping for users to access tokens makes sense. Is there any reason why the token needs to be single use? My concern is that if there is an issue during the sign up process or it's not 100% complete, only allowing it to be used once could leave users stuck in the process.
> I'm not sure you'll be using those calls...they're meant for people to find recommendations inside the CSOL system. Once a learner is in iRemix, the idea (as I understand it) is they've completed several levels of badge earning, and have now earned the ability to use the iRemix platform.
As mentioned we will need to know the badges they have received.
> Agreed on the call to awarding badges, but that's based on a JWT shared token.
Looking at the API documentation we still need to know the user's email address
POST /v2/user/badge/
/award
Award a badge directly to a user.
Request Parameters
- auth: The JWT corresponding to the user making the request.
- email: The email of the relevant user.
So what solution can we have in place to get the email of the user? The API requires it to award the badge to the user, who earns it, and we need it to confirm.
> I think we should provide a different link for the parent. Something that describes the badge, but isn't the claim code link.
So the parent link will go to the CSOL site showing the badge. Is that correct?
Regards, Mark
@rl @threeqube what we decided on is that S-T-E-A-M badges unlock access to remix and the city-level challenges but the info about the incremental entry level badges that the learner earned (through programs, activities or games through OpenBadger) to get to that S-T-E-A-M badge is important to the DYN folks to determine which challenges youth have access to. Two kids with the "S" badge might have had very different pathways or combos of badges to get to that point and so knowing about that pathway/combo can help DYN connect kids to challenges that are more aligned with their interests. Does that make sense? The question is how can they get the data on the entry level badges earned.
:+1: to @eknight
> Looking at the API documentation we still need to know the user's email address
@rl yes, you're right, you need an identifier for the user. For users under 13, they won't have email addresses, but we'll assign them a username that's email-like, something like "fancycat@chicagosummeroflearning.org" that you'll be able to access their records on OpenBadger with, including recommendations. If a user is over 13, and has included an email address, we'll use that as their identifier. Does that work?
I think we agreed upon the following:
confirmed.
Nichole D Pinkard, PhD Associate Professor College of Computing and Digital Media DePaul University
Founder, Digital Youth Network www.digitalyouthnetwork.org
On Thu, Apr 25, 2013 at 12:27 PM, threeqube notifications@github.com wrote:
> I think we agreed upon the following:
> - Unlocking of the iRemix platform for challenge access will result from the learner earning a certain combination of S-T-E-A-M badges as initially discussed and as previously agreed upon. <-- Carla's doing this mapping
> - Open Badger will expose a learner's activity badges to iRemix through an API when that learner gains access to the iRemix platform. <-- Chris will make this happen
> - From this info, iRemix will direct that learner to specific challenges within the iRemix platform
:+1:
> For users under 13, they won't have email addresses, but we'll assign them a username that's email-like, something like "fancycat@chicagosummeroflearning.org" that you'll be able to access their records on OpenBadger with, including recommendations. If a user is over 13, and has included an email address, we'll use that as their identifier. Does that work?
So to get that Email we will need to pass the access code back to Mozilla, that seems fine. Will it be a new api call or just one to the User page passing the Access ID and receiving the Email and Badges? Will the Parent's email address be included in the user's details, as well as if that user is <13 or Date of Birth? Will the Fake Email addresses bounce or is there logic in CSOL to receive those emails as messages in your system?
> So to get that Email we will need to pass the access code back to Mozilla, that seems fine.
Cool.
> Will it be a new api call or just one to the User page passing the Access ID and receiving the Email and Badges?
I think we'll send it to you when we say a user has access to iRemix, when they've earned a STEAM badge.
> Will the Parent's email address be included in the user's details, as well as if that user is <13 or Date of Birth?
Yes to all of the above. We'll include their age, and their parents email if they're under 13.
> Will the Fake Email addresses bounce or is there logic in CSOL to receive those emails as messages in your system?
They'll bounce.
> I think we'll send it to you when we say a user has access to iRemix, when they've earned a STEAM badge.
So we will have to create an API call for Mozilla to pass those details to us? When in the user flow would that happen? When they have earned a badge that should give them access? or when the user or their parents have authorized access to iRemix?
@cmcavoy can confirm but they should be given access once they earn the STEAM badge which unlocks access to iRemix as per https://github.com/mozilla/CSOL-site/issues/104#issuecomment-16958107
Parent authorization comes into play for < 13 only.
When an < 13 earns a STEAM badge, then the parent/guardian should be notified. It seems that notification workflow should happen on the iRemix side.
> When an < 13 earns a STEAM badge, then the parent/guardian should be notified. It seems that notification workflow should happen on the iRemix side.
@threeqube What I am trying to clarify is the entry point into iRemix. At the moment I am getting mixed signals... Here is the flow as I see it now.
Note: At this point iRemix doesn't know anything about that User.
@cmcavoy @threeqube Does that sound like a valid approach?
Workflow seems to make sense but would like @cmcavoy to weigh in. Thanks!
> If the User or their Parent/Guardian accepts access to iRemix, Mozilla will call an API call on iRemix passing in details of the user (email, name, badges, parent's email) with an Access code.
How about if we send this information, and you send us back an access code? Does that make sense?
OK, so the updated process would be....
Ok that sounds quite usable as a process, I only have a couple of concerns.
Agreed, above sounds good.
To your questions,
> Will we still send the access codes before to Mozilla so you can validate that the Access code returned was indeed one that was preset, to avoid MITM attacks?
I'm not sure we need to get super secure here...any security we have is really about making sure someone gets the prerequisite badges. Since we're not passing any financial data around, I think what we outlined above is enough.
> We have an OAuth provider in iRemix, we can provide you with a key and secret to use to call the API. Does that sound like a valid approach for CSOL to connect to the iRemix API?
Yeah, that should work great...
@cmcavoy I noticed in some other github issues that you are using Amazon SQS, is that correct? If so did you want to use that to send the messages to iRemix, and we can send a response on another queue or use their acknowledges?
@mark-ellul we ended up not using SQS, but not for any specific reason. It just ended up being easier to use a straight API. That said, if SQS makes sense for this, I'm sure we can work with it.
@cmcavoy we are not using SQS at the moment so let's go with the API approach. I just got your email from the github page; next week, I will send you an email with details about sending the user information. I am assuming that you will post the data in JSON, and I will return a token that will be used for the invite process.
Do you have a schema for what you will be sending? Should I set up API on our staging environment for pre-production testing? Do you store if the user uses Persona or not? If so could you please pass that so we can present a Persona button in our registration process.
Is there anything else I need to know? or anything you need from Remix Learning?
> I am assuming that you will post the data in JSON, and I will return a token that will be used for the invite process.
Yes, that's the way we'd like to do it. We'll also need to know a URL to direct the user to. Maybe you could just send us back a URL with a code embedded at the end? Sort of like the traditional reset password url?
> Do you have a schema for what you will be sending?
No, because we haven't written it yet. So if you have a schema in mind, we can work from that ;)
> Should I set up API on our staging environment for pre-production testing?
That would be helpful. Our staging CSOL site is http://csol-aws.mofostaging.net/
> Do you store if the user uses Persona or not? If so could you please pass that so we can present a Persona button in our registration process.
We're not using Persona for login because they don't allow < 13 year old users as part of their terms of service.
> Is there anything else I need to know? or anything you need from Remix Learning?
No, I think we're in good shape! Looking forward to seeing all these pieces come together!
> Yes, that's the way we'd like to do it. We'll also need to know a URL to direct the user to. Maybe you could just send us back a URL with a code embedded at the end? Sort of like the traditional reset password url?
We can send you a URL with the code embedded. However, to do that we must have the schema finalized. I have looked at your staging site registration form and your API to build up the schema below.
If we are giving you the URL, should iRemix still send notification to the guardian or the user (depending on age) with the URL? Or will Mozilla take responsibility for that?
If you can sign off to this schema I can begin the code to do the integration.
```json
{
  "status": "ok",
  "behaviors": {
    "logged-in": 5
  },
  "badges": {
    "first-login": {
      "issuedOn": 1344816000,
      "assertionUrl": "https://clopenbadger.webmaker.org/afjeo23",
      "isRead": false
    }
  },
  "user": {
    "email": "user_1@chicagosummeroflearning.org",
    "name": "John",
    "surname": "Smith",
    "birthday_day": 11,
    "birthday_month": 1,
    "birthday_year": 2001,
    "guardian_email": "j.smiths.guardian@mozilla.org",
    "username": "jjsmith"
  }
}
```
Please feel free to add more fields or rename the fields, but we need to double down on the schema to be able to meet the deadlines.
When will we get confirmation of which draft of the JWT we must support? I need that (and the actual values we need to connect) asap, to be able to choose the appropriate library and begin the integrations.
@cmcavoy can I close this out?
Yes
On Saturday, July 20, 2013, threeqube wrote:
> @cmcavoy can I close this out?
Nichole D Pinkard, PhD Associate Professor College of Computing and Digital Media DePaul University
Founder, Digital Youth Network www.digitalyouthnetwork.org
Great, thanks @rl
Once a user earns enough badges, they unlock access to iRemix & City Challenges. My take on the user flow,
Some key elements of the above,
/cc @brianloveswords @threeqube @erinknight
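An added example, not code from CSOL, OpenBadger or iRemix: one way the "URL with a code embedded at the end" discussed in this thread could be issued so that the code is single-use, yet a learner whose signup fails midway can retry, which is the concern raised about single-use tokens. The host name, the one-week lifetime and the `InviteStore` class are assumptions made for illustration.

```python
import hashlib
import secrets
import time

INVITE_BASE = "https://iremix.example/invite/"  # placeholder host (assumption)
TTL_SECONDS = 7 * 24 * 3600                     # assumed one-week lifetime


def _digest(code):
    # Only the hash is stored, so a leaked invite table cannot be replayed.
    return hashlib.sha256(code.encode("utf-8")).hexdigest()


class InviteStore:
    """In-memory stand-in (hypothetical) for the table that holds invites."""

    def __init__(self):
        self._rows = {}  # sha256(code) -> {"email", "expires", "used"}

    def issue(self, email, now=None):
        """Register one learner and return the URL to hand back to the caller."""
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(32)  # 256 random bits, not guessable
        self._rows[_digest(code)] = {
            "email": email, "expires": now + TTL_SECONDS, "used": False}
        return INVITE_BASE + code

    def lookup(self, code, now=None):
        """Return the invited email for a live code without consuming it."""
        now = time.time() if now is None else now
        row = self._rows.get(_digest(code))
        if row is None or row["used"] or now > row["expires"]:
            return None
        return row["email"]

    def complete(self, code, now=None):
        """Consume the code when signup has finished; False on any replay."""
        if self.lookup(code, now) is None:
            return False
        self._rows[_digest(code)]["used"] = True
        return True
```

Opening the link calls `lookup`, which can be repeated; only `complete`, called when registration succeeds, burns the code.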