Skip to content

Overhaul login flow

Joshua Goins requested to merge work/redstrate/login-flow into master

Problem

Our old login flow is way too basic, and sometimes doesn't work. It's a little embarrassing when someone can't even figure out how to log in 😦 Or when even logged in, we don't give any useful information as to why it failed - even if that reason is out of our control.

image

New flow

This is a reimagining (marketing speak) of our login flow, which looks and feels nicer. It's not only shiny, but packed with features!

image

This is the new homepage, which is what users will see when they first launch Tokodon and when adding a new account. Note that this will always be a separate window, when launched through settings/other methods. The login window now closes when it's supposed to as well.

There are three functions on this page:

  • Learn More -> leads to joinmastodon.org for now, can be expanded later but out of scope for this MR.
  • Register -> leads to server selection for registration!
  • Login -> leads to what you'd expect, our login pages.

Registration

Now Tokodon supports registering for an account, and this was tested on mastodon.social but also on my testing Pleroma/Akkoma server. Note that it's very basic right now, but it's a start.

image

It says "Pick a Server" because this could eventually be expanded into a proper server selection (joinmastodon.org has an API we can use) but that's out of scope for this MR. When registering, you are presented with a familiar form:

image

The full error message spec is supported, so it will properly format the form with error messages from the server. Right now you can't view the server rules and privacy policy, but that's out of scope for this MR.

If the registration is successful, the flow is completed. If the server requires extra steps after registration (Captcha, e-mail verification, etc) then Tokodon will ask the user to attempt re-login once those steps are completed in a web browser. None of this is defined in the Mastodon spec like it is for Matrix, so this is the best we can do for now.

Screenshot_15_150834

Now the client handles login errors (instead of hiding the account from the switcher like it did previously). It will show the login error it received, and allow you to re-attempt login once you fixed them. Right now this is only server-side errors, but we can expand this to errors caused by the user/system like the keychain going missing.

Login

Logging in also received some improvements, especially for mobile users. Now the authorization flow happens inside of the app through a webengine view:

Screenshot_15_120826

In a possible future MR, an action could be added to open the authorization externally so power users can use their browser's password manager. That's out of scope for this MR though.

Edited by Joshua Goins

Merge request reports

Loading