Support for confirming abandonment when an anonymous user logs in to an existing account #3
Comments
|
Perhaps instead of blocking the client from logging into another account, it should provide hooks for "merging" the guest account into the new one. I don't know how this all fits into your other related packages, but here's how I see it. When a client is logged in with a guest account, the UI presented to the user can say "create an account (or login to an existing one) to save your data" along with the signup/login form. If the user signs in or creates an account, the data for the guest account can be migrated to the new "real" account. The logout button can be presented as "discard your data" because that's what it's doing. I think it is the client's responsibility to show the confirmation before showing the controls to perform the other actions, in the same way as it is responsible for showing the login or logout controls in the normal case. I don't think the concept of "not abandonable" is helpful because the server only has control over a couple of the ways that a guest account can be abandoned:
but not if the user simply never comes back. It seems misleading to think "I can stop the user from abandoning their guest account". It might be nice to provide hooks for when a guest user does log in or create a new account though. This provides an easy way to support the "upgrade to real account" or "merge with existing account" flows. Then these hooks could be given the power to reject the login or account creation. They could be used to disable the flow completely (like "my app doesn't do the merge thing") or per guest stuff (like "this guest isn't cool enough to have a proper account yet"). This logic would need to be on the server for security reasons but mirrored in the client for UX reasons. |
Currently if an anonymous user logs in to an existing account, his anonymous account is abandoned without warning. We could instead provide a way to require that they confirm the abandonment first. For example, the user switch could fail if profile.abandonable !== true, and the app developer could be responsible for detecting that failure and presenting an appropriate confirmation dialog that set profile.abandonment.
Should this go in a separate package (e.g. brettle:accounts-anonymous-confirm-abandon)?
What should the API look like? Since the users could be attempting to login with any number of other services, it doesn't make sense to override client-side login methods. But then how does the client know that a confirmation is required? Maybe have the server set profile.abandonable == 'unknown' and have the client monitor notice that change and call a client-side validateAbandonment hook?
The text was updated successfully, but these errors were encountered: