There should be an option in id.ai to
‘always use this passkey (to disable this, go to id.ai)’
This way, users can just enter oisy without being an extra few clicks away from entering.
So when entering oisy for example, no interaction is needed inside the id.ai website. Only the website opens to directly ask for the passkey.
Unfortunately things like prompting for passkey signatures and opening popups requires user activation to work reliably across browsers. Without user activation (e.g. clicking a button) there’s a chance the browser might block it.
So the most minimal user interaction we ended up with was a single “Continue” button.
Yep, ok that makes sense.
But. For example, when logging into waterneuron using oisy.
You get to these websites
Waterneuron –> oisy –> id.ai –> oisy –> waterneuron
There should be a solution for it somehow…
You should (by default) still be authenticated in OISY when connecting it to apps, avoiding the need to authenticate with II every time you connect to an app. But sessions with OISY are indeed short (1 hour) for security reasons, so it’s likely users will experience going through the flow you’ve described regularly.
Long term, we’re looking into way to improve how sessions work on the IC, allowing for longer sessions while maintaining the high level of security users expect. Additionally we’re also looking into more ways apps can integrate II (e.g. redirect as alternative for popup), which would enable for more streamlined user experiences.
Thanks for clarifying things with an example flow, this made the underlying reason for this proposal more clear to me 