Merge auth between posthog.com and Cloud #5847

Open
corywatilo opened this issue Apr 25, 2023 · 7 comments

@corywatilo
Collaborator

corywatilo commented Apr 25, 2023

This is a draft

Personas

  • As an existing PostHog user, I want to be able to ask (or answer) community questions, or enable beta features on the roadmap, without creating a separate login
  • As a prospective customer, I want to be able to ask a community question before signing up for a PostHog Cloud account
  • As a consultant, I'd like to be able to engage in the PostHog community using an identity that isn't tied to a specific client
  • As a former employee of a company that used PostHog, I'd like to continue to use my personal identity in the PostHog community and in conjunction with the PostHog instance of my new employer
  • As a PostHog user, I'd like to be able to sign in on PostHog.com and easily access my single (or multiple) PostHog instance, or the instances of my clients

Open questions

  • How do we link an existing Cloud account?
  • What if I don't have a PostHog Cloud account yet?
    • I'd later need to be able to associate myself to an existing PostHog instance
    • What if I have instances in multiple regions, or multiple accounts?
  • How can we preserve access to the community for people who no longer have access to their login? (Should we suggest they add a backup email they can use to reset their password to the community if their primary email is deactivated?)
  • Do we need to handle 2FA on the website if their instance requires 2FA?
  • Should we support other types of auth, e.g. Login with GitHub? (In this case, we can auto-fill community profile info...)
  • Are there any special hurdles since we have multiple hosting locations now, vs only supporting app.posthog.com accounts?

Notes

  • On PostHog.com, we should indicate what instance you're signed into. (E.g. the API key auto-populates based on your current instance.) And should provide instructions on how to switch accounts, even if it requires visiting the PostHog app to change it.

corywatilo converted this from a draft issue Apr 25, 2023

@timgl
Collaborator

timgl commented May 18, 2023

Here's how to do this:

  • Create an Auth0 account.
  • Create a new custom database connection.
  • Tick "use my own database"
  • Write a script just for login that does the following (example):
    • app.posthog.com/api/login/ with the username/password
    • If that doesn't return, hit eu.posthog.com/api/login/
  • Implement Auth0 in posthog.com using their SDKs

@MarconLP
Member

[Image: Screenshot 2023-08-29 at 14 55 26@2x]

Currently, a successful user login to eu.posthog.com will return { success: true }; we will need to return the user_id on that too, as Auth0 requires a user_id to be set.

Alternatively we could also call the /api/users/@me endpoint and get the id from there.

@MarconLP
Member

MarconLP commented Aug 29, 2023

> Here's how to do this:
>
>   • Create an Auth0 account.
>   • Create a new custom database connection.
>   • Tick "use my own database"
>   • Write a script just for login that does the following (example):
>     • app.posthog.com/api/login/ with the username/password
>     • If that doesn't return, hit eu.posthog.com/api/login/
>   • Implement Auth0 in posthog.com using their SDKs

Additionally, what will happen when a user has both a US account and an EU account, but wants to use the EU account? That would not be possible. We would require a select box asking for the instance.
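The login-script fallback and the two-region ambiguity discussed above, as an added example that is not PostHog or Auth0 code and not part of the original thread. The `transport` interface, the `/api/users/@me` response shape and the region-prefixed `user_id` format are assumptions; the hosts and the `{ success: true }` response are taken from the comments.

```javascript
// Added example. Hosts and the { success: true } response come from the
// thread; the transport interface and user_id format are assumptions.
const INSTANCES = { us: 'app.posthog.com', eu: 'eu.posthog.com' };

// transport.login(host, email, password) resolves to { success: boolean }.
// transport.me(host, email) resolves to { id } (assumed /api/users/@me shape),
// reusing the session that login established.
async function resolveLogin(email, password, transport, region) {
  // An explicit region (the select box) restricts the attempt to one instance.
  const regions = region ? [region] : Object.keys(INSTANCES);
  const matches = [];
  let unavailable = false;
  for (const r of regions) {
    if (!Object.keys(INSTANCES).includes(r)) throw new Error(`unknown region: ${r}`);
    const host = INSTANCES[r];
    try {
      const res = await transport.login(host, email, password);
      if (!res || res.success !== true) continue;
      const me = await transport.me(host, email);
      matches.push({ region: r, id: me.id });
    } catch (err) {
      unavailable = true; // an outage is not a rejected password
    }
  }
  if (matches.length > 1) {
    // Same credentials valid on both instances: ask instead of picking one.
    return { status: 'choose_region', regions: matches.map((m) => m.region) };
  }
  if (matches.length === 1) {
    // Assumption: each instance numbers users independently, so the region
    // prefix keeps a US id and an equal EU id from becoming one identity.
    const { region: r, id } = matches[0];
    return { status: 'ok', profile: { user_id: `${r}|${id}`, email } };
  }
  return { status: unavailable ? 'unavailable' : 'denied' };
}

// Constructed in-memory stand-in for the two instances (sample data only).
function fakeTransport(accounts, down = []) {
  const find = (host, email) => accounts.find((a) => a.host === host && a.email === email);
  return {
    async login(host, email, password) {
      if (down.includes(host)) throw new Error('timeout');
      const a = find(host, email);
      return { success: Boolean(a && a.password === password) };
    },
    async me(host, email) { return { id: find(host, email).id }; },
  };
}
```

Trying every instance rather than stopping at the first success is what surfaces the dual-account case; a first-match fallback would silently sign that user into the US account.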

@MarconLP
Member

MarconLP commented Nov 13, 2023

new plan
[Image: 2023-11-13 at 10 54 57@2x]

diagram link

@raquelmsmith
Member

For your screenshot above @MarconLP (maybe turn this into an RFC so it's easier to comment on the specifics, or link to the tool where you made that diagram) -

We store a cookie on posthog.com called ph_current_instance that says where they are logged in to / last logged into.

We also have a feature flag that tells us if they are in the EU; we can redirect to EU based on that.

What is the use case for someone registering for Strapi/posthog.com but without having a PostHog app account? Seems quite unlikely, and we can essentially avoid the register portion (and avoid onboarding) if we just assume this isn't a valid use case.

@timgl
Collaborator

timgl commented Nov 14, 2023

This broadly makes sense. We have to be careful about merging users that haven't verified their email.

@MarconLP
Member

MarconLP commented Jan 5, 2024

What needs to be done:

  • When a cloud user has no strapi_id attached, register a new user on strapi
  • Update ask a question menu
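The "register when no strapi_id is attached" step combined with the earlier caution about merging users with unverified email, as an added example that is not PostHog code and not part of the original thread. `strapi_id` is the field named above; `email_verified`, the record shapes and the action names are hypothetical.

```javascript
// Added example. strapi_id comes from the thread; email_verified, the record
// shapes and the action names are hypothetical.
const normalizeEmail = (e) => String(e).trim().toLowerCase();

// cloudUser: { id, email, email_verified, strapi_id }
// communityAccounts: existing Strapi users as { id, email, email_verified }
function planCommunityLink(cloudUser, communityAccounts) {
  // Already linked: never re-resolve by email, the stored id is authoritative.
  if (cloudUser.strapi_id != null) {
    return { action: 'use_existing', strapi_id: cloudUser.strapi_id };
  }
  const match = communityAccounts.find(
    (a) => normalizeEmail(a.email) === normalizeEmail(cloudUser.email)
  );
  if (!match) {
    // No community account under this address: register one, carrying the
    // verification state so an unverified address is not treated as proven.
    return { action: 'register', email_verified: cloudUser.email_verified === true };
  }
  // A merge joins two identities on the strength of a shared email string, so
  // both sides must have proven control of that mailbox first.
  if (cloudUser.email_verified !== true) {
    return { action: 'verify_first', side: 'cloud' };
  }
  if (match.email_verified !== true) {
    return { action: 'verify_first', side: 'community' };
  }
  return { action: 'link', strapi_id: match.id };
}

// Constructed sample data.
const SAMPLE_COMMUNITY = [
  { id: 101, email: 'Dana@Example.com', email_verified: true },
  { id: 102, email: 'lee@example.com', email_verified: false },
];
```

Requiring verification on both sides covers both directions of the risk: a Cloud sign-up under someone else's address inheriting their community profile, and a community account created earlier under an address its creator never controlled being attached to the real owner's Cloud login.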
