search

sul-dlss-deprecated / universalviewer

The Universal Viewer is a community-developed open source project on a mission to help you share your content with the world
http://universalviewer.io
Other
0 stars 1 forks source link

Potential poor auth experience when using a popup blocker #34

Closed mejackreed closed 6 years ago

mejackreed commented 6 years ago

When using a popup blocker (or if auth fails), a user may be presented with an empty box:

screen shot 2017-07-31 at 4 23 45 pm

This can happen if auth fails, the case here being because the popup was blocked. Should we add a generic message to stacks for the case when auth fails? We can use a header and a longer description.

See failureHeader and failureDescription here: http://iiif.io/api/auth/1.0/#service-description

cc @jvine @ggeisler @cbeer

ggeisler commented 6 years ago

@mejackreed Is this still relevant if we can do #33?

mejackreed commented 6 years ago

Yes.. We have already eliminated 1 modal from the workflow. This second modal comes up when there is an error authing.

See https://sul-purl-uat.stanford.edu/bb000kq3835

mejackreed commented 6 years ago

@ggeisler See below:

blocked

Because the popup is blocked, the auth process is errored out. This popup will show whenever there is a problem with the auth process.

ggeisler commented 6 years ago

Gotcha @mejackreed.

Assuming we're talking about a Stanford-specific solution here, how about we populate the pop-up with something like this, which is somewhat similar to what the user would see if they failed authentication generally:

Header:

Authentication was unsuccessful

Text:

You entered an incorrect SUNet ID or password (or both).

Be sure to use the login form of your SUNet ID, not an optional alias you may have created.

mejackreed commented 6 years ago

Yep something like that would work too. One thing to note here, is that we will never get to "You entered an incorrect SUNet ID or password (or both)." as the webauth dialog will provide that feedback. The scenarios where i see this happening are:

ggeisler commented 6 years ago

Okay, I interpreted your explanation differently earlier but I tried it locally and now understand better what you're saying.

So we need a pretty generic message, I think? What about something more along these lines:

Header:

Unable to authenticate

Text:

The authentication service cannot be reached. If your browser is configured to block pop-up windows, try allowing pop-up windows for this site before attempting to log in again.

I don't know how great that is, but we should probably just go with something like that and we can improve the message in the future when we better understand the scenarios where we get the error dialog.