Closed sthewissen closed 3 years ago
Basic auth endpoints towards Live ID are in place. The API also has support for throwing an event when a refresh token is needed. I suppose these bits now need to be combined into one to finish that part off :)
Reworking this bit into using MSAL, which should be possible to get the correct token for this API. It will abstract away a lot of the token storing and refreshing logic, which is nice to not have to plumb ourselves.
This is done. The basic flow for it is in place.
This is not done yet. The scenario where you login with a Live ID that is not a valid MVP should probably also be tackled.
There isn't really a great way to check whether or not the current user is an MVP. The "best" way I've found so far is calling an API endpoint and checking the response. When it's not a valid MVP Live ID, a 400 Bad Request is given back and its body looks something like this:
{
"Message": "Not able to find user",
"MessageDetail": "The e-mail address given, ********, did not match to an ID for user lookup",
"StatusCode": 400
}
Closing this. When login fails we show a message suggesting the user is not using a valid MVP login. That's the best we can do at this point.
What?