Skip to content
This repository was archived by the owner on Oct 8, 2025. It is now read-only.

Guest authentication with jwt #457

Open
JakobTolkemit wants to merge 21 commits into
base: 1.5
Choose a base branch
from
Open

Guest authentication with jwt #457

JakobTolkemit wants to merge 21 commits into from

Conversation

@JakobTolkemit
Copy link

@JakobTolkemit JakobTolkemit commented Jul 4, 2019

A guest authentication like proposed in #452

We implemented this in our project and these are basically the parts that we thought make sense to give back to the plugin.

@JakobTolkemit JakobTolkemit requested a review from a team as a code owner July 4, 2019 09:40
@JakobTolkemit JakobTolkemit force-pushed the guest_authentication branch from 74be136 to 12a85c7 Compare July 4, 2019 11:45
@JakobTolkemit JakobTolkemit force-pushed the guest_authentication branch from a501d7f to e1f8aa1 Compare July 4, 2019 12:52
@JakobTolkemit JakobTolkemit force-pushed the guest_authentication branch from e408cf3 to 2b626f1 Compare July 4, 2019 13:13
mamazu
mamazu approved these changes Jul 4, 2019
View reviewed changes
Copy link
Contributor

@mamazu mamazu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks very good.

@mamazu
Copy link
Contributor

mamazu commented Jul 4, 2019

@dlobato What do you think?

@JakobTolkemit JakobTolkemit force-pushed the guest_authentication branch from 25f7111 to 6c39942 Compare July 5, 2019 08:36
@JakobTolkemit JakobTolkemit force-pushed the guest_authentication branch from 6c39942 to 32fbc4b Compare July 5, 2019 08:44
@dlobato
Copy link
Contributor

dlobato commented Jul 5, 2019

I believe #443 already solves the problems mentioned on #428
This is a different feature, or Am I seeing this wrong?

@mamazu
Copy link
Contributor

mamazu commented Jul 6, 2019

This pull request is more elaborate and offers a guest customer to login as well (with a jwt token and so on). It requires the customer to provide some information about the order (and not just the order uuid) to confirm that it is indeed the guest who orders it.

@dlobato
Copy link
Contributor

dlobato commented Jul 8, 2019

The use case that I'm more concerned about is "changing payment after payment failure on guest checkout". So, as far as this is covered with this change I'm fine with it. I'd suggest to make authentication with guest users optional, showing only a limited view of orders as implemented in #443. This way we can keep the checkout process simple and still show the complete order to a guest user if she provides enough information to trust her.

Also, @lchrusciel stated: "According to orders endpoint, I would say, that we should stick as close as possible with the default implementation", and in my eyes this PR already moves a little bit away from it.

@peterukena
Copy link

peterukena commented Jul 9, 2019

Co-dev for this PR here: So this PR does not fiddle around with payment or anything - this is just there to enable a guest to check on his order after a period of time with protected access through a guest-firewall.
I am sure one can extend on this to enable order modification for guest orders - and in my personal opinion failed payments and a subsequent change of the payment method should be handled before an order is created (e.g. PayPal, CC and other instant payments). For other payments, an order should be cancelled and reordered instead of changing the payment, what do you think?

@mamazu
Copy link
Contributor

mamazu commented Jul 9, 2019

This could be closed in favor of #443 which has been merged.

@peterukena
Copy link

peterukena commented Jul 22, 2019

@lchrusciel just pinging you again to see this 🙂 🚀

@JakobTolkemit
Copy link
Author

JakobTolkemit commented Aug 12, 2019

@lchrusciel Still no update on this?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@mamazu mamazu mamazu approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@lchrusciel lchrusciel

Labels

New Feature RFC

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@JakobTolkemit @mamazu @dlobato @peterukena @lchrusciel