Handle auth in front end #142
Conversation
- You can't read the POST payload in JavaScript.
So your idea FE->BE->response doesn't work.
- You don't handle errors from the provider:
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
And we have to provide those errors to the user because those are problems between the user and the provider, not our app.
It must be rebased over master and refactored considering #144
Oh. You cherry-picked my commits. Okay.
One small comment about error handling.
server/service/oauth.go
@@ -68,16 +68,18 @@ type GithubUser struct { | |||
} | |||
|
|||
// MakeAuthURL returns string for redirect to provider | |||
func (o *OAuth) MakeAuthURL(w http.ResponseWriter, r *http.Request) string { | |||
func (o *OAuth) MakeAuthURL(w http.ResponseWriter, r *http.Request) (string, error) { | |||
b := make([]byte, 16) | |||
rand.Read(b) | |||
state := base64.URLEncoding.EncodeToString(b) | |||
|
|||
session, _ := o.store.Get(r, "sess") |
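Review bot: two error values are still dropped on the floor in this hunk even though the signature now returns `(string, error)`: the result of `rand.Read(b)` is ignored, and `session, _ := o.store.Get(r, "sess")` discards the store error. If `rand.Read` fails (assuming `rand` here is `crypto/rand`; the import is not in view), `b` stays all zeros and `state` becomes a fixed, predictable value, which defeats the CSRF purpose of `state`. Suggest `if _, err := rand.Read(b); err != nil { return "", err }` and likewise `session, err := o.store.Get(r, "sess")` with the error returned to the caller.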
If you return (string, error), it makes sense to handle the error here too.
yesssss, you're totally right; thanks for spotting it!
Ready for a second pass @bzz @smacker
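The two review points above (surfacing the provider's RFC 6749 §4.1.2.1 error response to the user, and not discarding the error from the state generator) are illustrated below in one added Go example. This is not the project's `server/service/oauth.go` code; the function names `NewState`, `AuthURL` and `ParseCallback`, the `ProviderError` type and the sample callback query strings are all constructed for this example, and the authorization URL is built with the generic RFC 6749 parameters rather than any provider-specific ones.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// ProviderError carries the error response fields from RFC 6749 §4.1.2.1.
// The authorization server sends these on the redirect URI instead of a code
// when the user denied access or the request was malformed. They describe a
// problem between the user and the provider, so the app should show them to
// the user rather than swallow them.
type ProviderError struct {
	Code        string // e.g. "access_denied", "invalid_request"
	Description string // optional human-readable text
	URI         string // optional link to more information
}

func (e *ProviderError) Error() string {
	if e.Description != "" {
		return fmt.Sprintf("provider returned %q: %s", e.Code, e.Description)
	}
	return fmt.Sprintf("provider returned %q", e.Code)
}

// NewState returns a fresh, URL-safe CSRF token for the authorization request.
// The crypto/rand error is propagated instead of discarded: a failed read would
// otherwise leave b all zeros and produce a fixed, predictable state.
func NewState() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", fmt.Errorf("generate oauth state: %w", err)
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// AuthURL builds the provider's authorization endpoint URL using the generic
// RFC 6749 authorization-code parameters (hypothetical endpoint and client ID).
func AuthURL(authorizeEndpoint, clientID, redirectURI, state string) string {
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("state", state)
	return authorizeEndpoint + "?" + q.Encode()
}

// ParseCallback validates the query string the provider redirected back with
// and returns the authorization code, or a *ProviderError when the provider
// reported one. The state is checked first so that neither the error branch
// nor a forged code can be reached without the victim's session state.
func ParseCallback(q url.Values, expectedState string) (string, error) {
	if expectedState == "" {
		return "", errors.New("no pending authorization in session")
	}
	got := q.Get("state")
	if subtle.ConstantTimeCompare([]byte(got), []byte(expectedState)) != 1 {
		return "", errors.New("oauth state mismatch: possible CSRF or stale login")
	}
	if e := q.Get("error"); e != "" {
		return "", &ProviderError{
			Code:        e,
			Description: q.Get("error_description"),
			URI:         q.Get("error_uri"),
		}
	}
	code := q.Get("code")
	if code == "" {
		return "", errors.New("callback carried neither code nor error")
	}
	return code, nil
}

func main() {
	state, err := NewState()
	if err != nil {
		panic(err) // in a handler: return the error, never continue with an empty state
	}
	fmt.Println(AuthURL("https://provider.example/authorize", "client-id", "https://app.example/auth", state))

	// Constructed sample callbacks: one user denial, one success.
	denied, _ := url.ParseQuery("error=access_denied&error_description=user+denied+access&state=" + state)
	_, err = ParseCallback(denied, state)
	var pe *ProviderError
	if errors.As(err, &pe) {
		fmt.Println("show to user:", pe.Code, "-", pe.Description)
	}

	success, _ := url.ParseQuery("code=abc123&state=" + state)
	code, err := ParseCallback(success, state)
	fmt.Println("code:", code, "err:", err)
}
```

A backend handler such as the PR's `/api/auth` would call `ParseCallback` with the state stored in the session, map a `*ProviderError` to a response the frontend can display verbatim, and treat a state mismatch as a generic failure without echoing anything the provider sent.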
Signed-off-by: Maxim Sukharev <[email protected]>
Fix #99

major changes:
- `/auth` route: `state` and `code` from the GitHub OAuth callback go to the `/api/auth` endpoint, and handle any possible error
- `UI_DOMAIN` is no longer needed in Helm charts

benefits:
- `/api/auth` endpoint will be standard in terms of our `handler.RequestProcessFunc`, FE → BE → response + status

possible improvements:
- `/auth` route is not really-really needed because the auth thing could be handled by `/` itself if `code` is received.