
CE-2281: Frontend Ping integration login/logout

Johanna Szepanski requested to merge CE-2281-ping into develop

To test:

If testing locally: Change proxy in package.json to whatever environment BE Ping is deployed to. Also change BE_BASE in public/config.js to the same url.

Use simonrose as user with two roles and karlvestin for a user with one role.

See under suggested follow-ups for not implemented/not working features.

Suggested follow-ups:

Error handling - There is currently nothing that visually tells the user if any kind of error occurs during the login/logout processes.

  • Error during login -> user is simply not logged in
  • Error during logout -> visually looks like user is logged out, but might not be?

User without application access - A user logs in successfully, but is not granted access to application. Could this happen? How to handle?

Renew token - not implemented (old way is removed). Needs to be enabled by Ping. How this is going to work needs to be discussed. There might be a better solution to current implementation.

Handle restricted endpoints 401 response from BE - this is related to above Renew token. I haven't tested this yet, but as it is now a snackbar with error is displayed. User is not logged out, which might be an improvement to make.

Logout - Visually the user is logged out and the cookie is deleted, but when the user clicks login, they're logged in without having to enter credentials. This is an unexpected behaviour and a security risk. Note: This is not supported in our current version of Ping, so it will have to wait until next release.

Redirect to where user began the login/logout process - In this implementation user is redirected to root after successful login/logout, not considering the actual path where user started process. This could perhaps be done better, but needs some investigation.

Double hard coded proxy endpoint - When developing locally, the BE server we want to proxy needs to be hardcoded in two places. Switching environment means changing it in two places. This is a nuisance and could be handled differently, for example by overriding the create react app dev server setup.

Edited by Johanna Szepanski
