[Proposal] Block registration from particular countries
View the Github ticket for proposal status updates.
Feature proposal
We propose introducing a feature that allows platform administrators to restrict users from selecting one or more countries during sign-up and on the accounts page. Currently, no such option exists in the platform. This feature would be valuable in scenarios where admins need to prevent users from specific countries from accessing their edX instance, either due to legal, regulatory, or strategic reasons. This will also provide an easy-to-manage system for controlling user access without requiring manual intervention or workarounds.
Current implementation
Micro-Frontends (MFEs)
The Authentication (authn), Account, and Profile MFEs currently use the @edx/frontend-platform library to get a list of translated country names. This library depends on the i18n-iso-countries
npm package, which provides the country list and ensures the names are translated according to the user’s locale. Each of these MFEs retrieves the country list individually and displays it.
Mobile Apps (Android & iOS)
The Android and iOS apps, on the other hand, utilize a backend API to fetch the country list and display it.
Proposed implementation
Backend Control Mechanism
No Waffle Flag
The feature is controlled by the DISABLED_COUNTRIES
settings list rather than a waffle flag. This list determines which countries are excluded from the country selection across platforms.
Environment Variable Override
The DISABLED_COUNTRIES
list can be overridden using environment variables, providing flexibility for different deployment environments. By default, the value of this list is set to []
, meaning no countries are disabled unless explicitly specified.
Impact on User Experience
Countries in the DISABLED_COUNTRIES
list will be hidden from users in the registration form (Legacy). Users will not be able to select or switch to these disabled countries. If users attempt to select a disabled country (e.g., through manipulation), validation errors will prevent the form from being submitted, ensuring proper control over country selection.
Frontend Option 1
This solution can be achieved by splitting it into 2 parts, MFEs and mobile apps.
Micro-Frontends (MFEs)
MFEs part will require, implementing a new API in the backend that will expose the DISABLED_COUNTRIES
list to the other world. @edx/frontend-platform library will use that API to get the DISABLED_COUNTRIES
list. The frontend-platform library will remove those disabled countries from the translated country list before returning it to the Micro Frontends.
The MFEs will receive a pre-filtered list, reducing complexity and ensuring consistency across all MFEs.
By handling the filtering within the
@edx/frontend-platform
library, we ensure that any updates to the disabled countries list are universally applied without needing changes in individual MFEs.
Mobile Apps (Android & iOS)
For mobile apps, a filtration layer will need to be added to the registration API which also returns the country list. This layer will remove the DISABLED_COUNTRIES
from the country list before it is returned to the mobile apps.
Mobile apps will receive a pre-filtered country list, ensuring that disabled countries are excluded from the registration process.
Similar to the web platform, this approach ensures a consistent user experience across mobile apps, without requiring changes within the mobile app codebase itself.
Frontend Option 2
This solution focuses on utilizing a single source of truth for both mobile apps and MFEs, ensuring consistency across platforms by using the same registration API to retrieve the country list. A filtration layer will be added to the registration API to remove the DISABLED_COUNTRIES
from the country list. This ensures that both mobile apps and MFEs receive the same filtered list for display. MFEs will need significant modifications to switch from using the @edx/frontend-platform
library to this registration API for fetching the country list. Mobile apps already utilize the registration API for the country list, so no changes will be required for them.
Benefits:
By consolidating the country list retrieval into one API, we eliminate discrepancies between mobile and web platforms.
Both MFEs and mobile apps will display the same filtered list of countries, enhancing the user experience.
Considerations:
A process will be required to ensure that the registration API returns a translated country list, similar to how the
@edx/frontend-platform
library currently handles it. This is essential to maintain consistency in the user experience across all platforms.The country list returned by the registration API must match the one provided by the
@edx/frontend-platform
library in terms of both content and translation. This ensures that users on MFEs and mobile apps receive the same list, with appropriate translations.