sthewissen / MVP

Unofficial app to help MVPs manage their community activities
GNU General Public License v3.0
112 stars 31 forks source link

Detect if current Live ID is actually an MVP #1

Closed sthewissen closed 3 years ago

sthewissen commented 4 years ago

What?

sthewissen commented 4 years ago

Basic auth endpoints towards Live ID are in place. The API also has support for throwing an event when a refresh token is needed. I suppose these bits now need to be combined into one to finish that part off :)

sthewissen commented 4 years ago

Reworking this bit into using MSAL, which should be possible to get the correct token for this API. It will abstract away a lot of the token storing and refreshing logic, which is nice to not have to plumb ourselves.

sthewissen commented 4 years ago

This is done. The basic flow for it is in place.

sthewissen commented 4 years ago

This is not done yet. The scenario where you login with a Live ID that is not a valid MVP should probably also be tackled.

sthewissen commented 4 years ago

There isn't really a great way to check whether or not the current user is an MVP. The "best" way I've found so far is calling an API endpoint and checking the response. When it's not a valid MVP Live ID, a 400 Bad Request is given back and its body looks something like this:

{
  "Message": "Not able to find user",
  "MessageDetail": "The e-mail address given, ********, did not match to an ID for user lookup",
  "StatusCode": 400
}
sthewissen commented 3 years ago

Closing this. When login fails we show a message suggesting the user is not using a valid MVP login. That's the best we can do at this point.