Proposal for Hubs login flows
There are two planned features which will require being signed into an account:
Pinning objects. To pin an object to a room (regardless of if its an upload) you’ll need to sign in. Eventually there will be a page you can go to to manage/remove your pinned objects. As a bonus this will also allow us to provide a list of rooms to you, so you can “bookmark” a room by just pinning something into it.
Becoming the host or mod of a room. Hosts can edit room settings and the name of the room, and mods + hosts can kick/mute users.
Logging in will be the same as in Spoke – enter an email address to both sign in or create an account, and you get a loading spinner while you async click on the link, and tab back.
Login status appears in the bottom of the presence list. When logged out it shows a simple “sign in” button. When logged in, it shows “Logged in as email@example.com [sign out]”. The expectation is that the “sign in” flow here will be basically unused, but its needed as an escape hatch for some users to sign in if they accidentally log out, session expired, etc.
We don’t store email addresses on the server. When a user logs in, we store their auth token as well as the email address they used to log in in local storage, so we can display it.
Two primary sign in flows:
When you click “pin” on an object when signed out
When you click an “edit” or “gear” icon in the lobby panel at the bottom, which would normally pop up the room properties panel where you can rename the room or change room settings. (This prompt will only be available if the room does not yet have a host.)
CTA prompt for login modal should be customized depending on the mechanism which popped it. (Eg “To pin objects and save them to the room, you’ll need to sign in.”)
When linking headsets, we should transfer the token and email info to the device to prevent the need to sign in again. We may want to consider adding an additional character to the code for additional security.
Display name and avatar settings are not stored with the account. The display name and avatar settings will migrate over device linking as usual, but signing in will not automatically set the name and avatar. If a user signs out, we should re-generate a random avatar choice.
Potential idea: when you sign in, if the avatar name has not been customized, set it to the prefix of the email address.
When in VR, tapping the “pin” button will bring you out of immersive mode and show the login prompt. Hitting cancel will re-enter immersive mode. After signing in, the modal will have a “re-enter VR” button at the end that is the only way to proceed which will re-enter immersive mode. For now there is no other way to be prompted to sign in when using VR (beyond using the 2D UI before entering immersive mode.)