
Handling of expired tokens

Open vapaj opened this issue 4 years ago • 6 comments

On server side, we are using different scopes of authentication. Mainly ReadScope and WriteScope. What this means is actions requiring WriteScope will require much younger authentication token than ReadScope does. Currently we are not handling these well on the front end side, as we will only show a "something went wrong" error to the user, but not really explaining what happened.

Let's add that handling. So, when a user tries to do a WriteScope action, let's say a temporary address change, with an old token, let's have them authenticate again. I think just asking for the password will be enough here. We will need to make this as smooth as possible, so returning to the same state of the app (e.g. mitt-konto) would be preferable. The steps would be something like:

  1. make temporary address change request
  2. token expired!
  3. show password field -> user fills that and it's sent to Persona
  4. if successful authentication, make the same temporary address change request
  5. if successful, follow normal app success flow

vapaj avatar Sep 09 '20 06:09 vapaj
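The five steps above as a control-flow sketch, added here as an example and not code from affresco or Persona: the in-memory "server" and "Persona" stand-ins, the per-scope maximum token ages, and the credential are all constructed, so only the request / expired / prompt once / re-authenticate / replay-the-same-request flow is what the issue describes.

```javascript
// Added example (not affresco code): retry-with-reauth for scope-specific token ages.
// Server, Persona, max-age values and credential below are constructed stand-ins.
const MAX_TOKEN_AGE_MS = { ReadScope: 24 * 60 * 60 * 1000, WriteScope: 10 * 60 * 1000 };

// Constructed Persona stand-in: a correct password yields a freshly issued token.
function persona(password, nowMs) {
  if (password !== "correct-horse") return null; // constructed credential
  return { token: "tok-" + nowMs, issuedAt: nowMs };
}

// Constructed server stand-in: each endpoint checks the token age against the scope it needs,
// so a token that is still fine for ReadScope can already be too old for WriteScope.
function requireScope(scope, auth, nowMs) {
  const age = nowMs - auth.issuedAt;
  if (age > MAX_TOKEN_AGE_MS[scope]) {
    return { ok: false, status: 401, error: "token_expired", scope };
  }
  return { ok: true, status: 200 };
}

// Steps 1-5: make the request; on token expiry ask once for the password, re-authenticate,
// swap the stale token in place and replay the identical request so app state is kept.
function withReauth(session, request, promptPassword) {
  const first = request(session.auth);
  if (first.ok || first.error !== "token_expired") return { result: first, reauthed: false };
  const password = promptPassword(first.scope);
  if (password === null) return { result: first, reauthed: false, cancelled: true }; // prompt dismissed
  const fresh = persona(password, session.now());
  if (!fresh) return { result: { ok: false, status: 401, error: "bad_password" }, reauthed: true };
  session.auth = fresh; // replace the stale token; the caller's request closure is reused as-is
  return { result: request(session.auth), reauthed: true };
}

// Scenario: a 30-minute-old token is fine for a read but too old for a temporary address change.
function demo() {
  const now = 1600000000000;
  const session = { auth: { token: "tok-old", issuedAt: now - 30 * 60 * 1000 }, now: () => now };
  const prompts = [];
  const ask = (scope) => { prompts.push(scope); return "correct-horse"; };
  const read = withReauth(session, (a) => requireScope("ReadScope", a, now), ask);
  const write = withReauth(session, (a) => requireScope("WriteScope", a, now), ask);
  return { read, write, prompts }; // read succeeds without a prompt; write prompts once, then succeeds
}
```

Only a `token_expired` response triggers the prompt; any other failure is passed through unchanged, and a dismissed prompt returns the original error so the caller can still show it.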

I think this would be great for usability (and would probably lead to somewhat fewer calls to CS). I guess the error msg at the moment doesn't inform the user it can solve the problem with a logout and login?

pikkuruusu avatar Sep 09 '20 06:09 pikkuruusu

> I guess the error msg at the moment doesn't inform the user it can solve the problem with a logout and login?

Unfortunately no. It actually guides the user to call to CS 😄

vapaj avatar Sep 09 '20 06:09 vapaj

@vapaj great idea. This is also what's normal industry practice (Google, GitHub, etc, they all just ask for the password for "important actions"), so users are already used to this.

f-f avatar Sep 09 '20 08:09 f-f

Yes, but remember that the average age of our paper subscribers (who this concerns) is around 80 years and each and every extra password-input they have to do is a horrible task for them! So no password asking for EVERY important action, please. :D

anttih008 avatar Sep 09 '20 09:09 anttih008

But I guess it wouldn't be every new important action, only every new day you do an important action?

pikkuruusu avatar Sep 09 '20 11:09 pikkuruusu

I know, I am just being annoying myself here 🤡

anttih008 avatar Sep 09 '20 13:09 anttih008