Provide information to the client about authentication status changes

[lorenzo-cavazzi]

Problem

Some APIs can be invoked successfully without being authenticated on that service (GitLab). Since the headers sent by some clients contains information not accessible from the client's code (i.e. UI code can't access cookies information stored in the browser), it's possible that the client isn't aware of the authentication changes happened somewhere else (e.g. in another tab in the browser).
Reference: SwissDataScienceCenter/renku-ui#1048

Solutions

A possible solution would be providing extra information to the client, e.g. by adding and extra header in the response containing information about the target user (username or anonymous).

An alternative ideal would require the not yet finished notification system. The gateway could send a message every time an authentication change happens (logout, new login) and the relevant clients connected though WebSockets would receive the information.

[ableuler]

@lorenzo-cavazzi Would this still add value after the recent improvements made on the UI side?

[lorenzo-cavazzi]

I believe we can close this. Since the authentication sessions are separate (a user can log out from chrome and still be logged in in firefox), and we have already implemented a UI-specific solution for the browsers, there is no need for a mechanism to notify logout to every user's session.