fix(ir-engine): fixed missing email parameter in ZenDesk JWT #10940
Conversation
jonathan-casarrubias
requested review from
barankyle,
MoizAdnan,
hanzlamateen,
hurairahmateen and
aditya-mitra
as code owners
jonathan-casarrubias
requested review from
HexaField,
kattsushi,
mikeplascdev and
hanzlamateen
and removed request for
hanzlamateen
| @@ -29,11 +29,14 @@ import { disallow } from 'feathers-hooks-common' | |||
| import { sign } from 'jsonwebtoken' | |||
|
|
|||
| const getZendeskToken = (context: HookContext<Application>) => { | |||
| const { email } = context.params.user.identityProviders.find((ip) => ip.email) | |||
There was a problem hiding this comment.
i don't think this will be populated for users who logged in with any other Oauth, or if the email field is populated in multiple identity providers, how do we decide which one to use?
There was a problem hiding this comment.
Apple/Google/Github should all have an email after #10894. But it looks like Twitter/FB/Discord/LinkedIn were skipped since we're not using them on the platform right now, so that's still a concern. And deciding which one to use is a good point.
There was a problem hiding this comment.
Regarding deciding, what if we prefer magiclink identity-provider over SSOs. And if its missing, then use any SSO.
Or maybe in SSO we can give preference to google > apple > github?
Or is there any other way?
There was a problem hiding this comment.
What's the suggestion here then?
There was a problem hiding this comment.
Hey so, I have locally created 2 different users, one through the magic link process and another using github oauth social login, I've verified that either way, the user's "email" property is being populated, see screenshot:
Based on the fact that email address is always available in the email property, I believe that it's safe to use the email property as single source of truth.
Regarding deciding which email to pick, I don't see any difference between picking the first against prioritizing selections, either we are making an assumption which by nature can be right or wrong regardless.
Unfortunately asking the user isn't an option since that's exactly what we are trying to avoid here, so if we can't ask the user and there's no difference nor guarantees between different assumptions, IMO the right way to solve this is by having a "primary contact" kind of feature, like having a "Primary Shipping Address" in Amazon, "Primary Payment Card" in Uber and so on, that should be configured within a user's Profile and then using the primary user's selection when needed, like in this case.
That's the only way I see to fulfill the expectation, while maintaining the user's right to decide what's the personal preference.
There was a problem hiding this comment.
@jonathan-casarrubias in your example you used magic-link and github which were associated with same email address. But what if, for magic-link you used [email protected] while the github account that you used had [email protected] associated with it. In that case the email field would have different values and thats the inconsistency we are referring to. Hope it clears out the confusion.
If you want I can post a video depicting this scenario.
I agree regarding your primary email address thing. For now we can go ahead with if there is any record with identity provider type === 'email' (this is the case when magic-link was used). If this identity provider is there, then use the email from it. Otherwise use email from the random one.
Summary
Fixed missing email property from signed ZenDesk JWT
Subtasks Checklist
Breaking Changes
References
closes #insert number here
QA Steps