Improve the login process #15
Assignees
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The current login process works, so there's no rush to do this. However, requiring users to allow popups isn't ideal since most browsers block popups by default. We should be able to have a similar flow as other OAuth applications. Clicking the "Sign in with Palace Forums" button would redirect to the https://forums.palace.network/oauth/authorize page. Then, after that page redirects to https://internal-api.palace.network/titan/auth/redirect_uri, that page could automatically redirect back to https://titan.palace.network.
As for where cookies are set, it should be possible to transmit the necessary tokens as headers in the redirect request from internal-api back to titan. This would lead to a specific page in Titan, like https://titan.palace.network/auth/verify. That page then verifies the tokens, and finally sets them as cookies for the domain. Lastly, the user is redirected to the main page.
As I'm writing this, I sort of understand why the current implementation was done first - it's much easier. However, this would allow a more seamless user experience. While it isn't urgent, it should be done at some point.
The text was updated successfully, but these errors were encountered: