vlab-research / vlab

The Virtual Lab platform!
https://studies.vlab.digital

Team management in the dashboard #43

Open nandanrao opened 3 years ago

nandanrao commented 3 years ago

Ideally individual users belong to "teams" who create studies/etc. Thus, they don't need to share login information.

This probably has 2 stages:

A) A user can belong to a team and only one team; a default team is created for the user when they join, but they can rename that team and can invite others.
B) Users can belong to multiple teams.

User Stories (stage A)

User Stories (stage B)

Spazzy757 commented 1 year ago

@nandanrao for a first pass, are we okay adding an organisation ID to the Auth0 metadata that will be added to the claims:

{
  "org_id": "1234"
}

Spazzy757 commented 1 year ago

Right, so adding the above to the users_metadata, and using an Auth0 action:

/**
* Handler that will be called during the execution of a PostLogin flow.
*
* @param {Event} event - Details about the user and the context in which they are logging in.
* @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
*/
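exports.onExecutePostLogin = async (event, api) => {
  // Namespaced claim names avoid collisions with standard OIDC claims.
  const namespace = 'https://vlab.digital';
  // Fall back to an empty object so a user without metadata does not throw.
  const { org_id } = event.user.user_metadata || {};

  if (event.authorization && org_id !== undefined) {
    // Set the same claim on both the ID token and the access token.
    api.idToken.setCustomClaim(`${namespace}/org_id`, org_id);
    api.accessToken.setCustomClaim(`${namespace}/org_id`, org_id);
  }
};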

Allows us to set the custom claims to the below:

{
  "https://vlab.digital/org_id": "1234",
  "iss": "https://vlab-dev.us.auth0.com/",
  "sub": "auth0|6412f8baa95e852045477d6e",
  "aud": [
    "https://api-dev.vlab/",
    "https://vlab-dev.us.auth0.com/userinfo"
  ],
  "iat": 1679582016,
  "exp": 1679668416,
  "azp": "WZLSHAwHmqsgTDwA43MNuYcd1nQxyJTx",
  "scope": "openid profile email"
}

I've added this to the demo account we use so far in order to continue testing.

Spazzy757 commented 1 year ago

We decided to rather go with the frontend getting an organisation ID and passing it to the backend. So we added an organisation table with various columns being added. The frontend makes a call to the backend on login to "Get or Create" a user (see this PR: https://github.com/vlab-research/vlab/pull/173). This will return a user with the following structure:

{
    "data": {
        "id": "auth0|6412f8baa95e852045477d6e",
        "orgs": [
            {
                "id": "90840745-4996-42bb-aa42-05a41936e6e0",
                "name": ""
            }
        ]
    }
}

Note: a user can be part of multiple organisations.

We will need to add this functionality to the frontend so a user can choose what organisation to view as, as well as attaching the organisation to each request (possibly as a custom header?).
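Because the organisation ID in the last comment would arrive from the client, the backend has to treat it as a selector and check it against the memberships it stores for the authenticated user. The sketch below is an added example, not code from the vlab repository or from the thread's participants; the header name `x-vlab-org-id`, `resolveOrg`, `OrgAccessError` and the second organisation in the sample data are assumptions made for illustration.

```javascript
// Added example: hypothetical server-side check, not code from the vlab repository.
// ORG_HEADER is an assumed name; the thread only suggests "a custom header".
const ORG_HEADER = 'x-vlab-org-id';

class OrgAccessError extends Error {
  constructor(status, message) {
    super(message);
    this.status = status; // HTTP status the API layer should return
  }
}

// user: the "Get or Create" record loaded server-side for the token's `sub`.
// headers: request headers keyed by lower-cased name.
function resolveOrg(user, headers) {
  const orgs = Array.isArray(user && user.orgs) ? user.orgs : [];
  if (orgs.length === 0) throw new OrgAccessError(403, 'user belongs to no organisation');
  const raw = headers[ORG_HEADER];
  if (raw === undefined) {
    // Default only when there is no ambiguity about which organisation is meant.
    if (orgs.length === 1) return orgs[0];
    throw new OrgAccessError(400, 'organisation header required');
  }
  // Reject repeated or malformed values instead of guessing which one was intended.
  if (typeof raw !== 'string' || !/^[0-9a-f-]{36}$/i.test(raw.trim())) {
    throw new OrgAccessError(400, 'malformed organisation id');
  }
  const wanted = raw.trim().toLowerCase();
  // The header is honoured only when it matches a membership stored server-side,
  // never because the client asserted it.
  const match = orgs.find((o) => String(o.id).toLowerCase() === wanted);
  if (!match) throw new OrgAccessError(403, 'not a member of requested organisation');
  return match;
}

// Constructed sample data in the shape of the response shown in the thread.
const sampleUser = {
  id: 'auth0|constructed-user',
  orgs: [
    { id: '90840745-4996-42bb-aa42-05a41936e6e0', name: '' },
    { id: '11111111-2222-4333-8444-555555555555', name: 'constructed second org' },
  ],
};
```

Every query that reads or writes study data would then be scoped to the returned organisation's `id` rather than to the raw header value.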