Add support for Mozilla Accounts prompt none auth flow

[flozia]

References:

Jira: MNTOR-3492

Description

Adds support for Mozilla Accounts promt=none authentication flow. The initial use cases will be a promotional link from Mozilla Accounts. We expect them to link to us with the following UTM parameters that we can use to initiate the promt=none authentication flow:

• utm_source=moz-account
• utm_campaign=settings-promo
• utm_content=monitor-free

How to test

• Enable the feature flag PromptNoneAuthFlow
• Visit http://localhost:6060/?utm_source=moz-account&utm_campaign=settings-promo&utm_content=monitor-free with and without the user authenticated with FxA

Checklist (Definition of Done)

• Commits in this PR are minimal and have descriptive commit messages.
• I've added a unit test to test for potential regressions of this bug.
• If this PR implements a feature flag or experimentation, the Ship Behind Feature Flag status in Jira has been set
• Product Owner accepted the User Story (demo of functionality completed) or waived the privilege.
• All acceptance criteria are met.
• Jira ticket has been updated (if needed) with suggestions for QA when this PR is deployed to stage.

[github-actions]

Preview URL 🚀 : https://blurts-server-pr-5104-mgjlpikfea-uk.a.run.app

[Vinnl]

Code looks good. However, if I visit http://localhost:6060/?utm_campaign=settings-promo&utm_content=monitor-free without being logged into FxA (with the flag enabled), I get the Next-Auth error page:

That's me ending up at http://localhost:6060/api/auth/signin?error=Callback.

Same if I'm signed in to Monitor, then sign out, and then visit that URL again. The only way I can get it to work, is by signing in to Relay, and then visiting the URL.

This also seems like exactly the type of use case where a couple of end-to-end tests would be useful, perhaps?

[rhelmer]

Thanks for the comment, hopefully they add this eventually.

[flozia]

Code looks good. However, if I visit http://localhost:6060/?utm_campaign=settings-promo&utm_content=monitor-free without being logged into FxA (with the flag enabled), I get the Next-Auth error page:

Thanks for catching this issue @Vinnl! I did not run into this issue myself before, but was able to reproduce it in private browsing mode. If a user is not authenticated with FxA we get a callback error. I’m handling this error now in the NextAuth handler here.

This also seems like exactly the type of use case where a couple of end-to-end tests would be useful, perhaps?

Absolutely! I ran into some limitations around feature flags while adding E2E tests (something we need to introduce a workaround for) for the silent authentication flow. I have an “almost ready to push” branch that addresses the issue around feature flags and I’m adding the E2E tests as a quick follow-up.

Edit: Opened PR #5150 for adding the E2E tests.

[github-actions]

Cleanup completed - database 'blurts-server-pr-5104' destroyed, cloud run service 'blurts-server-pr-5104' destroyed

[Vinnl]

@flozia Shouldn't this be going to / rather than /user/dashboard/? Now, if I'm not signed in, I get redirected to FxA, then back to Monitor, then to the dashboard, where I see a flash of an error page, before being redirected back to FxA, but this time not a prompt=none flow, so I'm still asked to sign in. (If that's what we want, we could just not do a prompt=none flow, right?)

[flozia]

@Vinnl Redirecting to / might be safer in this case. The idea behind redirecting to /user/dashboard was to initiate authentication as a fallback, but there might be too many redirects — I’ve opened PR #5192.