Don't delete external apps even when people are using it as auth method
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mahara |
Fix Released
|
Wishlist
|
Dianne Tennent | ||
Bug Description
When you set up an external app, e.g. LTI or LTI Advantage, you can delete it from Admin menu -> Web services -> External apps even when some people are still associated with it as authentication method, essentially rendering their accounts unusable. Normally, when an authentication method is still in use, you cannot remove it for an institution.
There are a few things that would require clean-up and improvement:
1. Bug #1947533 should be fixed first.
2. If a person still uses that authentication method then the external app should not display a 'Delete' button for that external app so that it can't be deleted accidentally.
3. Actually tie an external app to a particular 'webservice' authentication. Right now, when you select 'webservice' as authentication method in an institution, you can't configure it, and it checks whether web services are available in the institution and then allow those in. It does not check though if, for example, it should be LTI or LTI Advantage with which an account is set up.
Therefore, what should happen is the following:
a) Site admin sets up an LTI external app for institution A and calls it 'LMS' and sets up a second one for LTI advantage called 'University'.
b) Site admin selects 'webservices' (rename to 'External app) as auth method in the institution settings for institution A and sees a drop-down menu with all available external apps, in this case 'LMS' and 'University' and selects one of them. The display in the settings page reads 'External app: LMS' (or 'External app: University').
c) When a student logs in via the LMS external app, their account is associated with that external authentication method.
d) On the 'External apps' page, 'LMS' doesn't have a 'Delete' icon because an account is associated with it and uses that app to log in.
We will need to think about how to deal with that in an upgrade because at the moment, an institution could have two LTI external apps configured and in the auth instance table there would be only one 'webservices' option, not differentiating between the different apps.
| Changed in mahara: | |
| importance: | High → Wishlist |
| description: | updated |
| Changed in mahara: | |
| assignee: | nobody → Dianne Tennent (dianne-t) |
| status: | Confirmed → In Progress |
| Mahara Bot (dev-mahara) wrote A patch has been submitted for review | #1 |
| Dianne Tennent (dianne-t) wrote Re: You can delete external apps even when some people are using it as auth method | #2 |
| Changed in mahara: | |
| milestone: | 22.04.0 → 22.10.0 |
| Mahara Bot (dev-mahara) wrote A change has been merged | #4 |
| Changed in mahara: | |
| status: | In Progress → Fix Committed |
| tags: | added: newfeature |
| Changed in mahara: | |
| status: | Fix Committed → Fix Released |
| Kristina Hoeppner (kris-hoeppner) wrote Re: You can delete external apps even when some people are using it as auth method | #5 |
| summary: |
- You can delete external apps even when some people are using it as auth - method + Don't delete external apps even when people are using it as auth method |
Patch for "main" branch: https:/