[openstreetmap/openstreetmap-website] blocks with needs_view flag not shown when user does oauth authorisation (for example login into an OSM editor) (Issue #5490)

[Matija Nalis]

>Sending the user to reauthorize again and again when they've already seen a block is not going to help with anything.

Perhaps I'm misunderstanding, but why would that _"again and again"_ reauthorisation need to happen?

My suggestion was _not_ about invalidating tokens every time a user logs in and sees a block; instead it was about invalidating tokens exactly once (i.e. at the moment when DWG or whoever creates the actual block in their backend admin interface).

If that suggestion is technically viable, invalidating all sessions at block time would force a user to re-login, and if login form is also modified to display the blocking message, it should make sure that user will see a block message no matter what app they use (as they need to login again, and that would show the message). 

As a main advantage to such flow, only admin blocking backend and login form need to change, and no app need to change their code (other proposed solutions I've seen so far seem to require that each and every app be updated, and until all have done so, there always remain a chance the user will never see the block)


-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/5490#issuecomment-2585751117
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/issues/5490/2585751117 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20250112/5696f849/attachment.htm>