Open sbidoul opened 11 months ago
@sebastienbeau ^ have you thought about verified emails on partners yet?
When /signin is called:
Can we avoid binding this to JWT only? This API should be shared across all kinds of auth types. N'est pas?
Can we avoid binding this to JWT only?
Maybe. I don't know how to generalize that yet, though. In shopinvader_api_signin_jwt
, we use information contained in the authenticated JWT payload to create the partner (name, email).
I'd say we need someone to explore how it would work with another authentication mechanism first, and then we can look at unifying things, if at all possible.
That said, the logic to convert an anonymous partner/cart to a known one could live elsewhere than shopinvader_api_signin_jwt
. Note quite sure where, though. This logic depends on shopinvader_anonymous_partner
.
For the record; our current implementation of this in v14 is https://github.com/shopinvader/odoo-shopinvader/pull/1251
We took care of some of the corner cases.
Note quite sure where, though
Maybe the logic to transfer a cart from one partner to another could go in sale_cart
Note quite sure where, though
Maybe the logic to transfer a cart from one partner to another could go in
sale_cart
I was thinking of this. To me it makes more sense.
When /signin is called:
1. If the jwt partner doesn't exist in Odoo: create it
Regarding when to create the anon partner... When do you expect this to happen? (I've left a comment on the PR).
Do you expect to have a call to signin
w/o customer details (eg: no email header in my case) before calling the cart endpoint?
A possibile scenario could be that the customer clicks on "add to cart" and if not authenticated, it is asked to register or to continue as guest and if the last choice is taken you call /signin
. If this is the case I would say that is better to have a specific endpoint for this (eg /signing/anon
or /signin-anon
.
Attention points / open questions:
email
field is populated with an unverified email? Maybe ashopinvader_verified_email
module with a simpleemail_verified
flag that we can set on partner creation, or let a backend user set if they are sure of the customer email.