[openstreetmap/openstreetmap-website] Welcome page interrupts Oauth authorization flow for newly created OSM accounts (Issue #4246)

[Anton Khorev]

Here's what I'd try to do first:

what's already happening:
- when a user without an osm account tries tries to authorize from some app, they first are directed to `/oauth2/authorize`
- since the user is not logged in, they are redirected to the login page

changes:
- On the login page we detect if it was a redirect from oauth. If it was, a regular registration link is replaced with a link that opens in a new browser window.
- we add a message near the link telling the user to complete the registration in that other window and return to the original window after that
- instead of a redirect url, we add some parameter to our new link that indicates that the user came from oauth
- if a email confirmation is used, this parameter is stored in the token accessible with the confirmation link
- when the welcome is reached, it has a "start mapping" link that normally uses the stored redirect. Instead, if we have the "came from oauth" parameter, we put there a message to return to the original window to continue the oauth flow
- the original page doesn't know that the registration was complete until it's reloaded, so we also tell the user to reload it once they are registered
- reloading with the usual browser controls may not be possible if the window is fully controlled by the app, so we may place a reload button there

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/4246#issuecomment-1749328991
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/issues/4246/1749328991 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20231005/c9b5c83c/attachment-0001.htm>