when specifying max_auth_age in an OpenID (PAPE) request, email address is unnecessarily requested

Bug #316796 reported by Christopher Armstrong
2
Affects Status Importance Assigned to Milestone
Landscape Server
Fix Released
Medium
Christopher Armstrong
Launchpad itself
Fix Released
High
Francis J. Lacoste

Bug Description

When we specify max_auth_age in an OpenID request, even though we may already be logged in to Launchpad, the login screen asks for my email address. At least for Landscape, this causes an awkward workflow: the user types their email address into Landscape (so that we can look up their account and decide whether to use OpenID auth for them) and then they're directed to Launchpad, which asks for their email address again.

Given that the user *is* actually logged in to Launchpad, it shouldn't really be necessary to type the email address in again. It'd be nice if this were either fixed by default or if there were a way for us to specify the default email address to fill into that field when we're making the OpenID request.

Revision history for this message
Francis J. Lacoste (flacoste) wrote :

We can have a simple fix to pre-fill the user's email address when he's already logged in (and are prompting him because he didn't logged in since max_auth_age).

That won't solve the issue for new users who don't have a Launchpad account yet, or that aren't logged in Launchpad. They'll have to enter their email again.

Solving this for them would involve defining a new OpenID request parameter (or using an existing proposed one, we'll have to research) to hint about the email address.

Because of the OpenID handshake, we simply cannot tack it on the request URL.

Changed in launchpad-foundations:
importance: Undecided → High
milestone: none → 2.2.1
status: New → Triaged
Revision history for this message
Christopher Armstrong (radix) wrote :

For what it's worth, I consider solving this for a non-logged-in user a different issue.

Revision history for this message
Gustavo Niemeyer (niemeyer) wrote :

Francis, is there an estimated time to get this issue fixed? This is somewhat bad for Landscape, since users will have to type their email addresses twice at all times when logging in.

For the users who don't yet have an account, we can pass Launchpad an additional parameter with the given user's email if needed.

Changed in launchpad-foundations:
milestone: 2.2.1 → 2.2.2
Changed in landscape:
importance: Undecided → Medium
milestone: none → mountainview
Changed in launchpad-foundations:
assignee: nobody → flacoste
Revision history for this message
Francis J. Lacoste (flacoste) wrote :

Fixed in RF 7721.

Changed in launchpad-foundations:
status: Triaged → Fix Committed
Revision history for this message
Francis J. Lacoste (flacoste) wrote :

This has been cherry-picked.

Changed in launchpad-foundations:
status: Fix Committed → Fix Released
Changed in landscape:
status: New → Fix Released
Changed in landscape:
assignee: nobody → radix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.