Authentication System for NOI Community App - noi-techpark/odh-docs GitHub Wiki

Authentication Logic

Initial Login

  1. First-time App Access: A user opens the app for the first time.
    • If the user already has an account on a connected system (Eurac, unibz, NOI, etc.), they can use that login.
    • Alternatively, the user can create a new account within the Open Data Hub authentication system and use it to log in.

Email Verification

  1. Email as Primary Identifier: The app uses the email address with which the user logs in as the main identifier.
  2. Obsolete Verification Step: The app checks if the user is authorized by the authentication system. This step has been noted as obsolete and potentially problematic and it is suggested that it should be removed from the app.

CRM Verification

  1. CRM Check: The app then verifies the presence of a "contact" in the CRM that meets the following criteria:
    • The "primary email" set in the CRM's "contact" must match the email used to log in to the app.
    • Under "Details" in the "Place, Press & Community" section, the contact must have the attribute "0. NOI-Community" listed.

Access and Visibility

  1. Access Grant: If a user passes these checks, they can access the app.
  2. Meeting List Visibility: Users with the "0. NOI-Community" attribute under "Place, Press & Community" in Details are displayed in the "Meet" list within the app.

Troubleshooting

If a user is unable to access the app and reaches out for support, the following steps should be taken:

  1. App Verification:

    • Check if the user is visible in the "Meet" list in the app.
    • Confirm that the email displayed in the app matches the email the user is attempting to log in with.

  2. CRM Verification:

    • If the user is not listed in the "Meet" list, it indicates they do not have a "contact" in the CRM or their "contact" lacks the "0. NOI-Community" tag under "Place, Press & Community".

  3. Technical Issues:

    • If there's a different problem, a more technical analysis is required.
    • If the user can provide their password and does not have a critical account, further checks can be performed.
    • Otherwise, a conference call should be arranged with the necessary experts.

Graphical Overview

graph TD
    A[User Opens App] -->|Existing User| B[Login with Connected System]
    A -->|New User| C[Create New Account in Open Data Hub]
    B --> D[Use Email to Login]
    C --> D
    D --> E[Obsolete Verification Step]
    E -->|Verified| F[Check CRM for Contact]
    E -->|Not Verified| G[Troubleshoot Issue]
    F -->|Contact Exists with Required Attributes| H[Access Granted]
    F -->|Contact Missing or Incorrect Attributes| G
    H --> I[User Visible in Meet List in App]
    I --> J[User Can Use App]
    G -->|Technical Issue| K[Further Technical Analysis]
    K -->|Password Provided| L[Perform Checks]
    K -->|Password Not Provided| M[Organize Conference Call]