feat: redirect to custom URL when third-party auth account is unlinked

[ArturGaspar]

Settings

TUTOR_GROVE_MFE_LMS_COMMON_SETTINGS:
  MFE_CONFIG["TPA_UNLINKED_ACCOUNT_PROVISION_URL"] = "http://example.com/"

TUTOR_GROVE_LMS_ENV_FEATURES: |
  ENABLE_THIRD_PARTY_AUTH: True
  ENABLE_COMBINED_LOGIN_REGISTRATION: True

Description

Allow redirecting to a custom URL when signing in via third-party auth when the account is not linked.

How Has This Been Tested?

1. Set the following settings in the LMS:
   • ENABLE_MFE_CONFIG_API = True
   • ENABLE_COMBINED_LOGIN_REGISTRATION = True
   • ENABLE_THIRD_PARTY_AUTH = True
   • AUTHN_MICROFRONTEND_URL = 'http://localhost:1999'
   • MFE_CONFIG = {"TPA_UNLINKED_ACCOUNT_PROVISION_URL": "http://example.com"}
2. Set 'ENABLE_THIRD_PARTY_AUTH': True and 'ENABLE_AUTHN_MICROFRONTEND': True in FEATURES dict in LMS settings (edx-platform/lms/envs/common.py).
3. Create a dummy backend Oauth2 provider at http://localhost:18000/admin/third_party_auth/oauth2providerconfig/ and enable its "Visible" setting.
4. Set MFE_CONFIG_API_URL='http://localhost:18000/api/mfe_config/v1' in frontend-app-authn (e.g. in .env.development).
5. Go to http://localhost:1999/login.
6. Sign in with the "Dummy" provider.
7. See that you are redirected to example.com

The login page will briefly show before redirect but I see no way to prevent this as the request to http://localhost:18000/api/mfe_context is made asynchronously and we don't know the third-party auth context until it is made, but the login page can be rendered before that.

Merge Checklist

• If your update includes visual changes, have they been reviewed by a designer? Send them a link to the Sandbox, if applicable. - N/A
• Is there adequate test coverage for your changes?

Post-merge Checklist

• Deploy the changes to prod after verifying on stage or ask @openedx/vanguards to do it.
• 🎉 🙌 Celebrate! Thanks for your contribution.

[openedx-webhooks]

Thanks for the pull request, @ArturGaspar!

What's next?

Please work through the following steps to get your changes ready for engineering review:

🔘 Get product approval

If you haven't already, check this list to see if your contribution needs to go through the product review process.

• If it does, you'll need to submit a product proposal for your contribution, and have it reviewed by the Product Working Group.
  • This process (including the steps you'll need to take) is documented here.
• If it doesn't, simply proceed with the next step.

🔘 Provide context

To help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:

• Dependencies

  This PR must be merged before / after / at the same time as ...

• Blockers

  This PR is waiting for OEP-1234 to be accepted.

• Timeline information

  This PR must be merged by XX date because ...

• Partner information

  This is for a course on edx.org.

• Supporting documentation
• Relevant Open edX discussion forum threads

🔘 Get a green build

If one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green.

🔘 Let us know that your PR is ready for review:

Who will review my changes?

This repository is currently maintained by @openedx/2u-infinity. Tag them in a comment and let them know that your changes are ready for review.

Where can I find more information?

If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:

• Overview of Review Process for Community Contributions
• Pull Request Status Guide
• Making changes to your pull request

When can I expect my changes to be merged?

Our goal is to get community contributions seen and reviewed as efficiently as possible.

However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:

• The size and impact of the changes that it introduces
• The need for product review
• Maintenance status of the parent repository

💡 As a result it may take up to several weeks or months to complete a review and merge your PR.

[mphilbrick211]

Hi @openedx/vanguards! This is ready for review.

[tecoholic]

@ArturGaspar 👍

• I tested this: Followed the testing instructions and verified that on TPA unlinked state, the user is redirected to the external url set in MFE_CONFIG.
• I read through the code
• I checked for accessibility issues
• Includes documentation

[tecoholic]

@ArturGaspar Is the TPA_UNLINKED_ACCOUNT_PROVISION_URL required here and in the .env? I tested without setting the value in the .env and the change works fine as long as the MFE_CONFIG has this information.

I guess it doesn't hurt to have a default value here, maybe we could document this better somewhere?

[ArturGaspar]

@tecoholic, here it is necessary because someone might want to enable this feature without the MFE_CONFIG API. In .env it is not necessary (as this file defaults it to null) but it seemed appropriate to have it there for reference.

[tecoholic]

Note for core reviewers: The typical use case for this is when an organization wants to do registration of a user across multiple services or use an external service to collect extra registration data that is not available from the TPA provider. So, when the user lands without an account, the get redirected to the external service specified in the TPA_UNLINKED_ACCOUNT_PROVISION_URL where they enter extra details and then get sent back to the login/registration page.

[open-craft-grove]

Sandbox deployment successful 🚀
🎓 LMS
📝 Studio
ℹ️ Grove Config, Tutor Config, Tutor Requirements

[open-craft-grove]

Sandbox deployment successful 🚀
🎓 LMS
📝 Studio
ℹ️ Grove Config, Tutor Config, Tutor Requirements

[open-craft-grove]

Sandbox deployment successful 🚀
🎓 LMS
📝 Studio
ℹ️ Grove Config, Tutor Config, Tutor Requirements

[open-craft-grove]

Sandbox deployment successful 🚀
🎓 LMS
📝 Studio
ℹ️ Grove Config, Tutor Config, Tutor Requirements

[open-craft-grove]

Sandbox deployment failed 💥
Please check the settings and requirements.
Retry deployment by pushing a new commit or updating the requirements/settings in the pull request's description.
📜 Failure Logs
ℹ️ Grove Config, Tutor Config, Tutor Requirements

[open-craft-grove]

Sandbox deployment successful 🚀
🎓 LMS
📝 Studio
ℹ️ Grove Config, Tutor Config, Tutor Requirements

[open-craft-grove]

Sandbox deployment successful 🚀
🎓 LMS
📝 Studio
ℹ️ Grove Config, Tutor Config, Tutor Requirements

[mphilbrick211]

Hi @ArturGaspar! Just checking on this. Are the requested changes ready for review?

[ArturGaspar]

@mphilbrick211 Yes, please see discussion at #1078 (comment)

[mphilbrick211]

@arbrandes @openedx/2u-vanguards this is ready!

[open-craft-grove]

Sandbox deployment successful 🚀
🎓 LMS
📝 Studio
ℹ️ Grove Config, Tutor Config, Tutor Requirements

[open-craft-grove]

Sandbox deployment successful 🚀
🎓 LMS
📝 Studio
ℹ️ Grove Config, Tutor Config, Tutor Requirements

[itsjeyd]

Hey @arbrandes, do you have any updates on when you'll be able to complete a final round of review here?

[open-craft-grove]

Sandbox deployment successful 🚀
🎓 LMS
📝 Studio
ℹ️ Grove Config, Tutor Config, Tutor Requirements

[open-craft-grove]

Sandbox deployment successful 🚀
🎓 LMS
📝 Studio
ℹ️ Grove Config, Tutor Config, Tutor Requirements

[open-craft-grove]

Sandbox deployment successful 🚀
🎓 LMS
📝 Studio
ℹ️ Grove Config, Tutor Config, Tutor Requirements

[mphilbrick211]

@arbrandes is this still in progress, or can it be closed?

[open-craft-grove]

Sandbox deployment successful 🚀
🎓 LMS
📝 Studio
ℹ️ Grove Config, Tutor Config, Tutor Requirements

[ArturGaspar]

@mphilbrick211 If #1354 goes forward we can use the plugin slot to implement this functionality and will no longer need this PR. I'll close this one for now.