Feature #7462


Always redirect Open Humans user back to OH

Added by Madeleine Ball almost 9 years ago. Updated over 8 years ago.

Assigned To:
Story points:


Always redirect the user to ''.
If there's an origin parameter that's been received, include it as a parameter in the redirect.

This probably involves a small change to the logic here:

Rationale: User feedback suggests that users expect to "finish" processes like this on Open Humans, even when they start elsewhere. To accomplish this, we want users to always return to the Open Humans site after the PGP Tapestry backend has received their token and completed the data connection.

For users that are believed to have started the process on the PGP site (i.e. no "origin=open-humans" parameter), Open Humans offers a choice: "Return to Harvard PGP" or "Continue to Open Humans". Users with origin=open-humans are currently sent to their research data page (as Tapestry currently does). This behavior is implemented and currently present in the Open Humans staging site.

See also:

Related issues

Related to Tapestry - Feature #6961: Simplify Tapestry/Open Humans account link flowResolvedWard Vandewege09/01/2015Actions
Actions #1

Updated by Madeleine Ball almost 9 years ago

Addendum for "rationale": see also the user flow document described here, 3a and 3b are both on Open Humans

Actions #2

Updated by Madeleine Ball almost 9 years ago

We reviewed this in Harvard PGP staff meeting, albeit with very low attendance.

The argument against this redirect is that establishing this connection is akin to authorizing access to Facebook or Twitter. The OAuth2 process technically concludes with the user on the PGP site.

The argument for this redirect is that the PGP participant will perceive this as "joining a new activity" (akin to other 3rd party activities) and likely expects to continue interacting with the activity. Needing to return the user to the PGP's website to perform authenticated transfer of ID (instead of trusting the participant to faithfully report it) is an artifact of the OAuth2 process.

Initially staff had mixed opinions. After discussion, they seemed to concur that "ending on Open Humans" made sense, especially if users were provided the "stay-or-return" page as is currently implemented.

Certainly I have a strong personal bias here. I would like Open Humans to retain the attention of these users when they join the activity. But I do sincerely believe (especially after watching users go through these processes) that participants expect to explore a new activity/website, and are confused/discouraged from interacting with Open Humans when the process automatically lands them back on the PGP's website.

Actions #3

Updated by Ward Vandewege over 8 years ago

  • Target version set to Testing and Upgrading + features
Actions #4

Updated by Ward Vandewege over 8 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Also available in: Atom PDF