Stickiness of email verification bit on JWT remains a problem. One can create an account, login, then try to create a new project only to encounter failure. There's also the problem of gaining access to admin protected resources.
To address this, we need a way in the UI to provide a link to send a new verification email which talks to SeaSketch, which can then notify auth0. It should also force the refresh of any auth0 tokens to gain the authentication bit.
Where will this be used?
[x] Project creation
[ ] When trying to access an admin-only project
[ ] When trying to access the admin interface on a project but email is not verified
Some of these steps will need to be manually tested. Some access controls were temporarily disabled while waiting for this problem to be fixed.
Stickiness of email verification bit on JWT remains a problem. One can create an account, login, then try to create a new project only to encounter failure. There's also the problem of gaining access to admin protected resources. To address this, we need a way in the UI to provide a link to send a new verification email which talks to SeaSketch, which can then notify auth0. It should also force the refresh of any auth0 tokens to gain the authentication bit.
Where will this be used?
Some of these steps will need to be manually tested. Some access controls were temporarily disabled while waiting for this problem to be fixed.