Always redirect Open Humans user back to OH
Always redirect the user to 'openhumans.org/study/pgp/return/'.
If there's an origin parameter that's been received, include it as a parameter in the redirect.
This probably involves a small change to the logic here:
Rationale: User feedback suggests that users expect to "finish" processes like this on Open Humans, even when they start elsewhere. To accomplish this, we want users to always return to the Open Humans site after the PGP Tapestry backend has received their token and completed the data connection.
For users that are believed to have started the process on the PGP site (i.e. no "origin=open-humans" parameter), Open Humans offers a choice: "Return to Harvard PGP" or "Continue to Open Humans". Users with origin=open-humans are currently sent to their research data page (as Tapestry currently does). This behavior is implemented and currently present in the Open Humans staging site.
Small changes to the Open Humans controller:
- always redirect to the OH site after linking
- if something is wrong with the token when the callback page is hit, redirect to the Open Humans link page on Tapestry.
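The redirect decision described in this ticket, as an added example (not Tapestry's controller code): the destination is a fixed constant, and the received origin value only ever travels as an encoded query parameter, so it cannot change where the user lands. The `https` scheme, the `TAPESTRY_LINK_PAGE` placeholder path, the name `callback_redirect`, and the choice to drop a non-string or empty origin are assumptions.

```ruby
require "uri"

# Fixed destination named in the ticket; the https scheme is an assumption.
OH_RETURN_URL = "https://openhumans.org/study/pgp/return/"

# Placeholder: the ticket does not give the path of Tapestry's
# Open Humans link page.
TAPESTRY_LINK_PAGE = "/PLACEHOLDER-open-humans-link-page"

# Hypothetical helper. Decides where the OAuth2 callback sends the user.
#   params   - request parameters as a Hash with string keys
#   token_ok - result of the token check done by the caller
def callback_redirect(params, token_ok)
  # Something is wrong with the token: back to the link page on Tapestry.
  return TAPESTRY_LINK_PAGE unless token_ok

  origin = params["origin"]
  # No usable origin received (absent, empty, or an array/hash smuggled in
  # through the query string): redirect without the parameter.
  return OH_RETURN_URL unless origin.is_a?(String) && !origin.empty?

  # The base URL is a constant; origin is data, never a destination.
  # encode_www_form percent-encodes it, so characters such as "&", "#" or
  # "/" cannot add parameters or alter the host or path.
  uri = URI.parse(OH_RETURN_URL)
  uri.query = URI.encode_www_form(origin: origin)
  uri.to_s
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests.
  puts callback_redirect({ "origin" => "open-humans" }, true)
  puts callback_redirect({}, true)
  puts callback_redirect({ "origin" => "open-humans" }, false)
end
```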
#1 Updated by Madeleine Ball about 4 years ago
Addendum for "rationale": see also the user flow document described here; 3a and 3b are both on Open Humans.
#2 Updated by Madeleine Ball about 4 years ago
We reviewed this in Harvard PGP staff meeting, albeit with very low attendance.
The argument against this redirect is that establishing this connection is akin to authorizing access to Facebook or Twitter. The OAuth2 process technically concludes with the user on the PGP site.
The argument for this redirect is that the PGP participant will perceive this as "joining a new activity" (akin to other 3rd party activities) and likely expects to continue interacting with the activity. Needing to return the user to the PGP's website to perform authenticated transfer of ID (instead of trusting the participant to faithfully report it) is an artifact of the OAuth2 process.
Initially staff had mixed opinions. After discussion, they seemed to concur that "ending on Open Humans" made sense, especially if users were provided the "stay-or-return" page as is currently implemented.
Certainly I have a strong personal bias here. I would like Open Humans to retain the attention of these users when they join the activity. But I do sincerely believe (especially after watching users go through these processes) that participants expect to explore a new activity/website, and are confused/discouraged from interacting with Open Humans when the process automatically lands them back on the PGP's website.