Idea #12995
Updated by Peter Amstutz about 6 years ago
Use case: A user has a new authentication (eg Google) account. User has previously logged in using some other authentication account (eg LDAP) and already has an Aravdos account. User wants to link their existing Arvados account to the new authentication account so that when they log in with the new authentication account, they are logged into their existing Arvados account. h2. Entry points # User is logged in to Workbench using old authentication account, selects "link a new authentication method" from menu # User attempts to log in using new authentication account, gets an inactive account page # User attempts to log in using new authentication account, is logged into a new active empty account. h2. Flow for (1) # On workbench, click on "link new auth method" # Browser is sent to api_server/logout?return_to=http://workbench/link_accounts?link_to=api_token # Browser is logged out from API and SSO, and redirected to workbench link_accounts page with "link_to" containing the api token of the old Arvados account # Workbench redirects browser to api_server/login?return_to=http://workbench/link_accounts?link_to=api_token # User logs in and browser is sent back to workbench with &api_token=... of new Arvados account # Workbench now has both API token of the account to link to, and an api_token of the newly created account # Browser displays a confirmation page saying what it about to do # Workbench sends request to API server to make the user that owns api_token an alias for the user in link_to # Workbench sets the link_to API token in the cookie, and presents the user with a "success" page h2. Flow for (2) # User is at inactive user page. Text says "if you have logged in with a different account, click here to link your account" # Browser is sent to api_server/logout?return_to=http://workbench/link_accounts?link_from=api_token # Browser is logged out from API and SSO, and redirected to workbench link_accounts page with "link_from" containing the api token of the new Arvados account # Workbench redirects browser to api_server/login?return_to=http://workbench/link_accounts?link_from=api_token # User logs in and browser is sent back to workbench with &api_token=... of old Arvados account # Workbench now has both API token of the account to link from, and an api_token of the old account # Browser displays a confirmation page saying what it about to do # Workbench sends request to API server to make the user that owns link_from an alias for the user in api_token # Workbench sets the api_token API token in the cookie, and presents the user with a "success" page h2. Flow for (3) # In the notifications area of workbench, if the user account seems to be "empty", provide message "if you have logged in with a different account, click here to link your account" # Do flow for (2)