Needs proper Authentication #3

Open
SQL-MisterMagoo opened this issue Apr 19, 2019 · 7 comments
Labels
enhancement, help offered

Comments

@SQL-MisterMagoo
Collaborator

For now, this just uses an API key for the user auth.

It should log them in maybe?

@SQL-MisterMagoo added the question label Apr 20, 2019
@chrissainty
Member

I think it would be good to log in properly. From a usability point of view, it's what people will expect. I think asking everyone to go get an API key will be a turn-off.

I assume if we implement the same login options as Gitter then we can do it all from client-side as it's all OAuth flow?

@Liques

Liques commented May 8, 2019

Yes, asking for a token is not good. The process must be more automatic. If it's not a problem or if it has not been started, I would like to try to take this task.

@SQL-MisterMagoo
Collaborator Author

Hi @Liques

That's great - thanks for the offer - that would be really helpful.

The thing that made me hold off on doing this is that it is purely client side, and I am not confident how to do the whole Auth flow that way - I suspect CORS may be an issue.

I look forward to seeing how you get on, thanks!

@SQL-MisterMagoo added the enhancement and help offered labels and removed the question label May 8, 2019
@Liques

Liques commented May 9, 2019

You are right: CORS was an issue. :-(

I succeeded in getting the exchange token, but when I try to get the final access token there is a CORS error for which I found no solution...

At least the backend part looks OK; I will share it.

Update:
Here is a branch with the complete attempt. https://github.com/Liques/Gitter/tree/corserror
The first step is working well: the website is getting the exchange token successfully. But the final step is not working.

@SQL-MisterMagoo
Collaborator Author

I've done a bit of searching of the gitterhq/api channel and the advice over and over again seems to be "just use your personal token", so I don't think they are likely to address the CORS issue.

I'll see if anyone has any ideas on how to handle this.

@Liques

Liques commented May 10, 2019

On the server project I succeeded in authenticating today. Maybe it's very hard to make it work in a fully client-side browser client.
Take a look at this workaround: https://gitlab.com/gitlab-org/gitter/webapp/issues/543

@Liques

Liques commented May 15, 2019

I took another look at this issue. I realized that it is not possible to make this work without specific support in the API for client-side applications. The Google API, for example, supports it: https://developers.google.com/identity/protocols/OAuth2UserAgent

But the Gitter API has no support. It was requested some years ago and has not been developed yet: https://gitlab.com/gitlab-org/gitter/webapp/issues/533

The only way I see to overcome this problem is to deploy a microservice specific to this software. But I agree that for now, using the personal token is OK. :-)
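
The microservice idea from the last comment, sketched as an added example that is not part of this thread or the project's code: a small backend performs the OAuth authorization-code exchange so the browser never makes the cross-origin token request and never holds the client secret. The endpoint URL, origins, client id and function names are placeholders (assumptions); the form fields are the standard OAuth 2.0 authorization-code parameters.

```javascript
// Added example: names, origins and the endpoint URL are placeholders.
const CONFIG = {
  tokenEndpoint: "https://provider.example.invalid/oauth/token", // placeholder
  clientId: "constructed-client-id",
  clientSecret: process.env.OAUTH_CLIENT_SECRET || "constructed-secret", // server-side only
  redirectUri: "https://app.example.invalid/callback",
  allowedOrigin: "https://app.example.invalid",
};

// Compare the state echoed in the callback with the one issued to this
// session, without returning early on the first differing character.
function stateMatches(expected, received) {
  const a = String(expected), b = String(received);
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// CORS headers the microservice returns: only the app's own origin is echoed
// back, so other sites' pages cannot read its responses.
function corsHeaders(origin, cfg = CONFIG) {
  return origin === cfg.allowedOrigin
    ? { "Access-Control-Allow-Origin": origin, Vary: "Origin" }
    : {};
}

// Validate the callback parameters, then build the server-to-server request.
// Returns { error } or { url, init } ready to pass to fetch(url, init).
function buildTokenRequest({ origin, code, state, sessionState }, cfg = CONFIG) {
  if (origin !== cfg.allowedOrigin) return { error: "origin_not_allowed" };
  if (!sessionState || !stateMatches(sessionState, state)) return { error: "state_mismatch" };
  if (typeof code !== "string" || !/^[\w.-]{1,512}$/.test(code)) return { error: "invalid_code" };
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code,
    client_id: cfg.clientId,
    client_secret: cfg.clientSecret,
    redirect_uri: cfg.redirectUri,
  });
  return {
    url: cfg.tokenEndpoint,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded", Accept: "application/json" },
      body: body.toString(),
    },
  };
}
```

The browser sends only `code` and `state` to this service; the token request itself leaves from the server, where CORS does not apply.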
