Authenticate into a course via the admin course

[Alex-Jordan]

Suppose you are authenticated into the admin course as a certain user. And some other course also has a user by the same name. Would there be any concerns if it became possible to just click something from the admin course (like click the link on the course listings page), and that would authenticate you into that other course?

We could require that the two users in the two different courses not only have the same user name, but also the same password hash, if there are concerns about actually different people happening to have the same username in different courses.

As a site admin, I'd like to easily be able to enter courses to help with this and that. Also, I would like to enable 2FA across the board. So I'd prefer not to have a dozen or more 2FA items (one for each course) in my authenticator app. Also, I'd like to encourage (and require where possible) that courses use LTI, and then toggle the setting requiring LTI login. This too would complicate my entry as an admin into regular courses, but being able to authenticate through the admin course would alleviate that.

I'd like to try to implement this for 2.19, but I want to see if anyone thinks this is a bad idea for one reason or another.

[drgrice1]

I think this is a good idea. Ideally, there wouldn't even need to be an admin user by the same name in the other course. An admin user in the admin course could just enter any course. Of course, that is most likely not possible (or least would be rather challenging I would think) to implement with webwork2's database structure.

[dlglin]

I agree that this would involve working around the db structure. My first brainstorm was to handle this with non-native tables. For example put the admin users in a non-native table and have the authentication module check that in addition to the course user table.
It feels very hackish to have the code check for users in two different places, but I think it could be done. We'd have to be careful about collisions of usernames between the two places.