...
- Users should have single-sign on (SSO) behavior in the browser among their Google and Synapse accounts. (As of Sprint 5, we have SSO with sagebase.org Google domain, but not general Google accounts.)
- We also need to support having users create accounts when they do not have a Google account. We also need to support creating separate account for R / API access to Synapse services.
- Users should not have to log-in until they do something that requires authentication. We want to encourage browsing public content as Anonymous.
User Logs
...
into Synapse with Google Account
- From any screen of the application, user selects Login link in upper right corner of the header
- Application takes user to log-in screen
- User chooses log-in method
- User chooses Google log-in
- System determines user has an active Google session
- System logs user in
- User does not have active Google session
- System directs user to Google log-in page for login
- System determines user has an active Google session
- User chooses Synapse log-in and supplies valid email and password
- System validates account credentals and logs user in
- User chooses Google log-in
- System redirects user to page they were originally viewing before logging in.
User Creates New Synapse Account
...