Unfinished registration page

[srallen]

Expected behavior

Current behavior

Please include any error messages from the browser console and/or screenshots
This page,
Originally zooniverse/panoptes#2408:

https://www.zooniverse.org/accounts/register
which mobile users see, has this title
"Sign in with your Zooniverse account"
but it's about registration, not signing in.

Also, the "Sign in with" Facebook/Twitter/Google buttons do nothing.

(Desktop browser users see this in a popup window, which hides the title and the "Sign in with" buttons.)

Steps to replicate

Note: This page was unfinished and unlinked to from the rest of the site, however, is still accessible directly via the router.

Additional information

The "Sign in with" buttons were never wired up after oauth support was added. We only support oauth with Google and Facebook, so the sign in with Twitter button should be removed.

Also, do we need a separate registration page like this? Perhaps we just add the 'sign in with' buttons to the modals instead.

• Operating system:
• Browser:

[srallen]

@murraycu Could you elaborate by what you mean by what mobile users see? Do you mean the Zooniverse mobile app or with a mobile web browser? OS/Browser info would be useful. Thanks!

[eatyourgreens]

Is that page there for any legacy sites that link to https://www.zooniverse.org/accounts/register ? If not, we could delete it.

[camallen]

Delete and redirect is an option, e.g. https://github.com/zooniverse/static/blob/master/sites/www.zooniverse.org.conf though it may not help if registration is in a modal? on the home page.

[eatyourgreens]

If you're referring to the registration form that pops up on galaxyzoo.org and other old sites, that's in https://github.com/zooniverse/Zooniverse/blob/master/src/views/signup-dialog.eco so wouldn't be affected by deleting this page.

/signup redirects to /accounts/register I wonder why that was set up? Something must have been using it at some point.

[camallen]

Zoo home had /signup so we redirected it to that page when we shut it down.

I get a modal popup when registering on https://www.zooniverse.org.

[eatyourgreens]

That's the LoginDialog component, but /accounts points to something called SignInPage, which I don't think is used anywhere else.

[murraycu]

@murraycu Could you elaborate by what you mean by what mobile users see

Ah, you are right. I thought mobile users saw the full page when browsing normally, but I seem to be wrong. Sorry for the confusion.

I actually discovered this issue because my Galaxy Zoo Android and iPhone apps take the user to
https://zooniverse.org/signup
which now redirects to
https://www.zooniverse.org/accounts/register

I probably used that in the apps because it was probably once linked from the website. Is there a better URL that we should use? Of course, using a stable official server API would be nicer: murraycu/android-galaxyzoo#37

[camallen]

@murraycu would something like https://signin.zooniverse.org/users/sign_up work better for you?

This uses the new api infrastructure to create users, it currently won't return you the API key via a serialized response though (older infrastructure e.g. GZ sites will). This API does support oauth flows that can replace the current setup.

[marten]

@murraycu The ideal flow for native applications to integrate with our login would be to use the Authorization Code flow with some custom URI scheme (myapp://...). You'll need to create your own OAuth application at https://signin.zooniverse.org/oauth/applications for this to work.

The flow would then be:

• Tell whatever the Android OAuth library of choice is to perform authentication with https://signin.zooniverse.org/oauth/authorize as the URL, and your defined custom URL scheme as the redirect_to.
• The user should already be logged in because they just registered, and get a webview that asks if they want to authorize your OAuth application to have access to their account. If they click allow, that view will redirect to that custom URI you told Android to send to your mobile app.
• The redirect_uri will be called and it'll contain a Authorization Token, and you should use that to exchange it for an access token plus refresh token.

If the user isn't logged in yet, they'll see a login prompt at step one. But the benefit is they enter their password directly on a URI on our domain, so they know they can trust it, rather than handing their credentials to an app written by a third-party. If they're not registered yet, there should be a link to register there too.

Most of all of that should be handled by some OAuth library for you, surely one exists for Android. I'm definitely happy to help you through this process, I know OAuth can be a pain a lot of the time.

[marten]

I also recognize that this might be much more work than you're willing to put into it at the moment, and that's fine too.

[murraycu]

@murraycu would something like https://signin.zooniverse.org/users/sign_up work better for you?

Unfortunately, that seems to have a minimum width that is too narrow for mobile devices. For instance, in portrait mode on my Nexus 5X, The left and right are cut off, so you see "ername" instead of "Username".

[murraycu]

@marten , I am definitely interested in doing it properly, particularly since you seem ready to help me do that. I can't promise to get to it very soon, but I think I'll get to it. Thanks.

[camallen]

@murraycu thanks for the report, those forms should be responsive. I've created an issue for it zooniverse/panoptes#2410