anvilresearch / connect

A modern authorization server built to authenticate your users and protect your APIs

Home Page:http://anvil.io

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Edit profile functionality

hedleysmith opened this issue · comments

From #318

The ability for users to edit their own profile (and password) is an essential part of the feature set for Anvil Connect and can help with a number of use cases, including:

  • Users editing their own profile information
  • Users updating their password
  • Prompting for missing/required profile information and password creation after the first completion of an outbound auth flow (e.g., "sign in with GitHub")

Currently after a user has authenticated they are immediately redirected and there is no option to update any profile information at any stage. This raises a number of questions, I've added some I can think of with some ideas on how to tackle them below:

  1. How should users be able to edit their profile? I think redirecting users away from Anvil by default makes sense and providing a route (maybe the default / route?) for users to edit their profile could work. A config option to allow redirecting to a place where users can update their profile and manage their apps by default might be nice as well though.
  2. Missing / required profile information - I've seen this handled elsewhere (such as the Drupal Complete Profile Module quite nicely. This could work where if there are any fields marked as 'required' which aren't populated after a user logs in then the user is redirected to a new view which displays only the required fields they need to complete and prompts them to fill them in before allowing them to proceed. Would this be best handled in some type of optional middleware or plugin? I'm not sure if it would be best turning this on for everyone by default...
  3. New route for updating profile information. I couldn't see anything in the OpenID Connect specification about updating user information. Could updateUserInfo work?
  4. Should there be the ability to disable the edit profile view / functionality? I think enabling it by default makes sense to me at least, not sure if anyone would want to disable it?

Great summary of the requirements, @hedleysmith. Thanks.