Move TOS/PP to Auth Method Picker screen, provide guidance for single-provider flow #1245

Closed
samtstern opened this issue Apr 4, 2018 · 8 comments

@samtstern
Contributor

This is an extension of #492 based on some internal discussion about the best way to handle this.

Currently we show the TOS/PP in two places:

  • Email sign up screen
  • SMS code prompt screen

Some problems:

  • Before getting to the email sign up screen, you have already entered some personal information (in the check email screen)
  • Sometimes the SMS code prompt screen is skipped when auto-verification works
  • There is no TOS/PP shown for social flows
  • When you enter a single-provider flow, there's no FirebaseUI-owned UI at all

Solutions:

  • Remove TOS/PP from everywhere that it is present
  • Add TOS/PP on the AuthMethodPicker screen, which is shown before any multi-provider flow
  • Add guidance in the README that developers using FirebaseUI for single-provider flows should show a TOS/PP screen in their own UI before launching FirebaseUI as there's no guarantee we will have a chance

@samtstern
Contributor Author

Here are some examples of how other auth UI frameworks do this.

Okta
image

Auth0
image

Personally I think the Auth0 approach is pretty good.

@samtstern
Contributor Author

Update:
In the case of the email/phone flows we will continue to show TOS/PP with the following changes:

  • Move it to the first screen in each flow
  • Only show it in the single-provider case, which means the user will not have seen TOS/PP links in the Auth Method Picker screen

We will still need to provide guidance to developers using email flow because SmartLock could cause the UI to be completely skipped.

@morgler

morgler commented Apr 30, 2018

Are you aware of the GDPR law requiring explicit consent of the user (e.g. by checking a checkbox)? Just saying "By signing up, you agree" is not legal anymore in any EU country.

More on this law: https://www.eugdpr.org

@eliotstock

16 days till GDPR, and apps aren't compliant without this. Can we get an ETA please?

@samtstern
Contributor Author

The fix for this has been merged into 4.0.0, now just waiting for translations to come through. Committed to getting this released before the deadline.

@ahaverty

@samtstern Does Firebase have any thoughts on the "requiring explicit consent" condition / @morgler's comment, and whether the upcoming v4.0.0 changes are actually compliant?

@samtstern
Contributor Author

We believe these changes are compliant.

@samtstern
Contributor Author

This has been fixed and released in 4.0.0.
