App Update authentication APIs to enable HybridApp auth refactor

Problem

I am working with @war-in and @staszekscp on a HybridApp authentication refactor.

They are making good progress but require some backend changes in order to complete the work.

Solution

Update backend APIs to match required onyx data:

we localized three more commands which need to return tryNewDot value

SignInWithGoogle

SignInWithApple

SignInWithShortLivedAuthToken (for SAML) We can unify SignInWithShortLivedAuthToken and SinginUser by moving value returned by SignInUser to BeginSignIn. We can also simplify the frontend code and return nvp_tryNewDot in the onyxData (like we do for e.g. credentials in BeginSignIn command) so those onyx updates would be handled automatically.

Onyx Data

{
  "onyxData": [
    {
      "onyxMethod": "merge",
      "key": "nvp_tryNewDot",
      "value": {
        "classicRedirect": {
          "dismissed": true/false
        }
      }
    }
  ],
  "jsonCode": 200,
  "requestID": "8ecc27b03b9abbcf-WAW"
}

Dec 04 '24 14:12 Julesssss

This is lower than other issues in my HybridApp queue

Dec 09 '24 13:12 Julesssss

@Julesssss Whoops! This issue is 2 days overdue. Let's get this updated quick!

Dec 13 '24 09:12 melvin-bot[bot]

Finishing up other HybridApp tasks, I should have time for this soon after the new year

Dec 13 '24 10:12 Julesssss

Still waiting for the ability to prioritise

Jan 03 '25 10:01 Julesssss

The front-end work is in progress.

Jan 15 '25 01:01 Julesssss

@war-in asked me to provide these changes. I'll be picking up this issue soon.

Jan 27 '25 23:01 Julesssss

THis is on my todo list after a fire, and one other HybridApp backend issue.

Feb 05 '25 17:02 Julesssss

Aiming to work on this this week!

Feb 19 '25 17:02 Julesssss

I have been held up by change in priorities, this is still on my roadmap after we ship HybridApp NewDot signup and redirect to classic tasks.

Mar 05 '25 20:03 Julesssss

OKAY. I am not going to jynx myself this time...

@war-in, is the desired format under Onyx Data still correct? If so I'll start by refactoring the hardcoded tryNewDot response data into a valid onyx payload. I'll return the full NVP data this time.

We can also simplify the frontend code and return nvp_tryNewDot in the onyxData

I wanted to double check this because I recall there was a reason we needed this to be returned outside of an onyx update.

Mar 13 '25 19:03 Julesssss

@Julesssss I think it's fine to return it in regular onyx update data but maybe let's keep it in both places for now? 🤔 We can remove it then once we confirm its fine

Mar 14 '25 14:03 war-in

Sounds good to me 👍 I am a bit worried that during login when we build the onyxData the tryNewDot value hasn't yet been set and won't be available.

Mar 14 '25 19:03 Julesssss

Okay, I'm returning the full NVP data in SigninUser locally:

Same for SignUpUser user:

Mar 14 '25 23:03 Julesssss

Next week I need to figure out why tryNewDot is now always returning true. Auth?

Mar 14 '25 23:03 Julesssss

Next week I need to figure out why tryNewDot is now always returning true.

Bug fixed. PR is ready for review, I just need to fix a remaining test case failure.

Mar 18 '25 23:03 Julesssss

Glad to see progress here! I also updated OD and ND PRs with the newest main branches

So now those commands should return NVP, right?

SignInUser
SignUpUser
SignInWithGoogle
SignInWithApple
SignInWithShortLivedAuthToken (for SAML)

As I mentioned in the issue description it would be nice to get nvp in BeginSignIn command (earlier we know about nvp the easier it gets in terms of handling the flow)

Mar 19 '25 12:03 war-in

So now those commands should return NVP, right?

@war-in yeah, once merged the full tryNewDot NVP data will be returned within onyxData for all of these cases. In addition we'll return tryNewDotDismissed.

I'll deprecate tryNewDot as it is confusingly named, but for now I am returning that too:

Mar 19 '25 22:03 Julesssss

To avoid duplicated onyx data I had to make a large refactor and update automated tests. That's all done now and the final step is to see if I can make the NVP retrieval more efficient.

Mar 20 '25 22:03 Julesssss

@war-in could you made do without the returned tryNewDotRedirecDismissed param from SignInWithShortLivedAuthToken? I have the onyxData being returned but I would need to take extra time to make that available. I can do that later if it's necessary.

Mar 20 '25 23:03 Julesssss

The changes are working well, but add some extra Auth calls for retrieving the NVP data. As this isn't ideal for performance I will raise an Auth PR to improve this. It'll delay this PR by a few days but will be worth the wait.

Mar 21 '25 20:03 Julesssss

Finished up some improvements and test fixes. After dealing with a flakey test I have put the PR in initial review.

Mar 24 '25 23:03 Julesssss

Hey @war-in, the following commands are now returning onyxData on staging and some will give you tryNewDotDismissed in the response:

BeginSignIn
SignInUser
SignUpUser
SignInWithGoogle
SignInWithApple
SignInWithShortLivedAuthToken (SAML / redirect from OldDot)

Let me know if you need anything else at this point. SignInWithShortLivedAuthToken, SignInWithGoogle, and SignInWithApple won't give you tryNewDotDismissed but I should be able to figure this out if you need it.

Mar 25 '25 16:03 Julesssss

@Julesssss Eep! 4 days overdue now. Issues have feelings too...

Mar 31 '25 09:03 melvin-bot[bot]

I'm going to close this issue. We can use the parent issue for the rest of the changes.

Mar 31 '25 16:03 Julesssss

Reopening while the remaining Auth keys are refactored.

Apr 02 '25 16:04 Julesssss

@Julesssss Huh... This is 4 days overdue. Who can take care of this?

Apr 08 '25 08:04 melvin-bot[bot]

Auth PR updated, will ship for review if tests pass

Apr 08 '25 15:04 Julesssss

@Julesssss Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!

Apr 16 '25 08:04 melvin-bot[bot]

Auth PR deployed, closing

Apr 16 '25 16:04 Julesssss