Unable to login from the form page (ee.*), while it works from the main KoboToolbox one (kf.*)

There is in my opinion a major UX bug when creating users.

The use case is simple; as an entity, I created a form that will be used by a select group of third party people.
Those people (more than 200) will then use the form to enter data that are tied to them (hence I add the username in the metadata).
They won’t have permission to view the submissions of others (so I had to prevent the ‘View submissions’ since there is no ‘View own submissions’ permission that I know of).

In order to simplify the account creation difficulties, I created a script to batch create those third party accounts in KoboToolbox.
I checked and those accounts can log in to KoboToolbox; everything is working fine.
Since I do not want anonymous submissions for this form, I updated the account settings for the account that created the form to force authentication to view the forms and submit data.

Now, here is the problem I encounter: using the account that created the form, I give the “Add submissions/view submissions” permissions to 2 accounts whose usernames are user92 and user93.

To test that the permissions are ok I followed 2 testing paths:

  • Use a browser with no cookies nor any storage data for the KoboToolbox domain (i.e. https://ee.mydomain.com/)
  • Go to https://kf.mydomain.com/, then log in with user92.
  • Then from there, open the form https://ee.mydomain.com/x/Foobar ; everything is working as intended.

  • Use a browser with no cookies nor any storage data for the KoboToolbox domain (i.e. https://ee.mydomain.com/)
  • Since the third party users are not really tech-savvy, I want to send them the direct form URL, so that they just have to log in to see the form
  • So I paste the form URL https://ee.mydomain.com/x/Foobar in the browser
  • I can see that the form is not displayed, and a login/password is asked (great!)
  • I enter the credentials for user93, then hit Submit
  • Then UX-wise it fails spectacularly since the login page is just reloaded and cleared; the user is stuck in an infinite loop where logging in never gets him out of the login page! (the URL in the browser is https://ee.mydomain.com/login?return_url=https%3A%2F%2Fee.mydomain.com%2Fx%2FFoobar)
  • Trying to force the URL to https://ee.mydomain.com/x/Foobar redirects the user to the login page

The expected result should be that logging in successfully should:

  • log in successfully, and
  • return the user to the form, not the login page

To give more technical details, I checked the network tab when trying to login, and I see

  • login?return_url… POST → 302 Found
  • Foobar GET → 200 OK
  • lots of successful woff/css/svg requests
  • Foobar POST → 401 Unauthorized
  • then loop again

It seems the login via ee.mydomain does not work.

Did you manage to solve this problem? Usually even if you are logged into kf, you will be asked to log in again for ee when you try to submit the data. Isn’t that happening?
