From ff72d797481f3155dc8654b6890a00bdb9c64ec5 Mon Sep 17 00:00:00 2001 From: Kim Gardner Date: Tue, 12 Nov 2019 14:47:05 -0500 Subject: [PATCH] Update SSO docs and add GDPR docs (#2701) * Update SSO docs and add GDPR docs * Update docs/source/version-5-gdpr.md Co-Authored-By: Wyatt Johnson * Update docs/source/version-5-gdpr.md Co-Authored-By: Wyatt Johnson * Update docs/source/version-5-gdpr.md Co-Authored-By: Wyatt Johnson --- docs/_config.yml | 2 ++ docs/source/version-5-gdpr.md | 39 +++++++++++++++++++++++++++++++++++ docs/source/version-5-sso.md | 26 ++++++++++------------- 3 files changed, 52 insertions(+), 15 deletions(-) create mode 100644 docs/source/version-5-gdpr.md diff --git a/docs/_config.yml b/docs/_config.yml index e564f618a..11d703b54 100644 --- a/docs/_config.yml +++ b/docs/_config.yml @@ -94,6 +94,8 @@ sidebar: url: /v5/integrating/cms/ - title: Single Sign On url: /v5/integrating/sso/ + - title: GDPR + url: /v5/integrating/gdpr/ - title: Comment Count url: /v5/integrating/counts/ - title: API diff --git a/docs/source/version-5-gdpr.md b/docs/source/version-5-gdpr.md new file mode 100644 index 000000000..8c223e3af --- /dev/null +++ b/docs/source/version-5-gdpr.md @@ -0,0 +1,39 @@ +--- +title: GDPR Compliance +permalink: /v5/integrating/gdpr/ +--- + +In order to facilitate compliance with the +[EU General Data Protection Regulation (GDPR)](https://www.eugdpr.org/), Coral +provides features so your users can change and manage their own data. + +Even if GDPR will not apply to you, it is recommended to enable these +features as a best practice to provide your users with control over their own +data. + +## GDPR Feature Overview + +Integrating our GDPR tools will give your users and organizations the following benefits: + +- **Download my comment data**: Users can request a download of their comments. An email with a link is emailed to them to download a CSV with each comment they've made, what story it was made on, and the comment's ID and timestamp. +- **Delete my account**: Users can request deletion of their account. Deleted account requests are pending for 24 hours to allow the user to download their comments, or to change their mind and reactivate their account before the expiry. Account deletions remove all of their comments from the site, all their comments and actions from the database, and their account info from our system. +- **Add an email to an OAuth/external account**: Users are prompted to add an email to their non-Coral account (Facebook, Google, external, etc) so that they can take part in GDPR and other features requiring email communication. +- **Change my username**: Users can update their username. This is capped at once every 2 weeks. +- **Change my email**: Users can change their email. +- **Change my password**: Users can change their password. + +## GDPR with SSO + +As many newsrooms often implement their own [SSO solutions](/talk/v5/integrating/sso/), +we also provide API support to manage GDPR features directly from your own Account or My Profile page. + +We provide the following GraphQL mutations designed to allow you to integrate it into your existing user +interfaces or exports. + +- `requestUserCommentsDownload` - lets you grab the direct link to download a users + account in a zip format. From there, you can integrate it into your existing + data export or simply proxy it to the user to allow them to download it + elsewhere in your UI. +- `deleteUserAccount` - lets you delete the specified user + +**Note: These mutations require an administrative token** diff --git a/docs/source/version-5-sso.md b/docs/source/version-5-sso.md index 0622da62d..f93c2181d 100644 --- a/docs/source/version-5-sso.md +++ b/docs/source/version-5-sso.md @@ -7,47 +7,43 @@ In order to allow seamless connection to an existing authentication system, Coral utilizes the industry standard [JWT Token](https://jwt.io/) to connect. To learn more about how to create a JWT token, see [this introduction](https://jwt.io/introduction/). -1. Visit: `https://{{ CORAL_DOMAIN_NAME }}/admin/configure/auth` +1. Visit: ```https://{{ CORAL_DOMAIN_NAME }} /admin/configure/auth``` 2. Scroll to the `Login with Single Sign On` section 3. Enable the Single Sign On Authentication Integration 4. Enable `Allow Registration` 5. Copy the string in the `Key` box 6. Click Save -> **NOTE:** Replace the value of `{{ CORAL_DOMAIN_NAME }}` with the location of your running instance of Coral. +> **NOTE:** Replace the value of ```{{ CORAL_DOMAIN_NAME }}``` with the location of your running instance of Coral. You will then have to generate a JWT with the following claims: -- `jti` (_optional_) - A unique ID for this particular JWT token. We recommend +- `jti` _(optional)_ - A unique ID for this particular JWT token. We recommend using a [UUID](https://en.wikipedia.org/wiki/Universally_unique_identifier) for this value. Without this parameter, the logout functionality inside the embed stream will not work and you will need to call logout on the embed itself. -- `exp` (_optional_) - When the given SSO token should expire. This is +- `exp` _(optional)_ - When the given SSO token should expire. This is specified as a unix time stamp in seconds. Once the token has expired, a new token should be generated and passed into Coral. Without this parameter, the logout functionality inside the embed stream will not work and you will need to call logout on the embed itself. -- `iat` (_optional_) - When the given SSO token was issued. This is required to +- `iat` _(optional)_ - When the given SSO token was issued. This is required to utilize the automatic user detail update system. If this time is newer than the time we received the last update, the contents of the token will be used to update the user. -- `user.id` (**required**) - the ID of the user from your authentication system. +- `user.id` **(required)** - the ID of the user from your authentication system. This is required to connect the user in your system to allow a seamless connection to Coral. -- `user.email` (**required**) - the email address of the user from your +- `user.email` **(required)** - the email address of the user from your authentication system. This is required to facilitate notification email's about status changes on a user account such as bans or suspensions. -- `user.username` (**required**) - the username that should be used when being - presented inside Coral to moderators and other users. The following restrictions apply : - - Can only contain letter (`a-zA-Z`), number (`0-9`), underscore (`_`) or period (`.`) characters. Spaces and other special characters are not allowed. - - Min length = 3 - - Max length = 30 - -- `user.badges` (_optional_) - array of strings to be displayed as badges beside +- `user.username` **(required)** - the username that should be used when being + presented inside Coral to moderators and other users. There are no username validations or restrictions enforced by Coral when you're using SSO. +- `user.badges` _(optional)_ - array of strings to be displayed as badges beside username inside Coral, visible to other users and moderators. For example, to indicate a user's subscription status. -- `user.role` (_optional_) - one of "COMMENTER", "STAFF", "MODERATOR", "ADMIN". Will create/update +- `user.role` _(optional)_ - one of "COMMENTER", "STAFF", "MODERATOR", "ADMIN". Will create/update Coral user with this role. An example of the claims for this token would be: