Project

General

Profile

Actions

Idea #12995

closed

[Workbench] Allow user to add a new Google account to their Arvados account

Added by Tom Morris almost 7 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
-
Target version:
Start date:
05/17/2018
Due date:
Story points:
3.0
Release:
Release relationship:
Auto

Description

Use case: A user has a new authentication (eg Google) account. User has previously logged in using some other authentication account (eg LDAP) and already has an Aravdos account. User wants to link their existing Arvados account to the new authentication account so that when they log in with the new authentication account, they are logged into their existing Arvados account.

Entry points

  1. User is logged in to Workbench using old authentication account, selects "link a new authentication method" from menu
  2. User attempts to log in using new authentication account, gets an inactive account page
  3. User attempts to log in using new authentication account, is logged into a new active empty account.

Flow for (1)

  1. On workbench, click on "link new auth method"
  2. Browser stashes the API token in session storage
  3. Browser is sent to api_server/logout?return_to=http://workbench/link_accounts
  4. Browser is logged out from API and SSO, and redirected to workbench link_accounts
  5. Workbench redirects browser to api_server/login?return_to=http://workbench/link_accounts
  6. User logs in and browser is sent back to workbench with &api_token=... of new Arvados account
  7. Workbench now has both API token of the old account (in session storage), and an api_token of the newly logged in account
  8. Browser determines which user account should be merged into the other (based on account creation time, whether it is "empty")
  9. Browser displays a confirmation page stating one account will be linked to the other
  10. Workbench sends request to API server to link one account to the other (#12626)
  11. Workbench uses the API token of the linked account, and presents the user with a "success" page

Flow for (2)

  1. User is at inactive user page. Text says "if you have logged in with a different account, click here to link your account"
  2. Do (1) starting from 2

Flow for (3)

  1. Same as (1) (workbench figures out which way the account linking goes)

Subtasks 4 (0 open4 closed)

Task #13001: Investigate turning off session cookies for SSO serverResolvedPeter Amstutz05/17/2018Actions
Task #13457: Review 12995-wb-merge-acctResolvedPeter Amstutz05/17/2018Actions
Task #13503: Document setting SSO session timeoutResolvedPeter Amstutz05/17/2018Actions
Task #13504: Review 12995-session-timeout (SSO)ResolvedLucas Di Pentima05/17/2018Actions

Related issues 2 (0 open2 closed)

Related to Arvados - Idea #12703: [Workbench] Self serve account mergeResolvedActions
Blocked by Arvados - Feature #12626: [API] Merge user accounts (redirect=true case)ResolvedTom Clegg05/03/2018Actions
Actions

Also available in: Atom PDF