-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Panoptes.js: add lib-panoptes-js dev server, add experimental auth #6375
base: master
Are you sure you want to change the base?
Conversation
But also remember that a stateful client has major bugs like zooniverse/panoptes-javascript-client#207 and zooniverse/panoptes-javascript-client#250. This is old now, but have a look at
|
Worth keeping this in mind for any new auth work, given that the password flow code in PJC is ten years old, and not very secure.
https://oauth.net/2/grant-types/password/ The refresh token flow used to get access tokens for authenticated API requests is still secure. |
@eatyourgreens this is a draft PR and not ready for code review. Please refrain from commenting on draft PRs. While Zooniverse's frontend repos are open source, this PR is marked as a draft because Shaun, myself, and the frontend team are in ongoing discussions about auth and lib-panoptes-js. The context of those discussions is not always available in a draft/experimental PR such as this one, and commenting beyond the scope of this PR becomes unhelpful. I see why you've opened #6376 based on auth development years ago, but I'm going to close it in favor of keeping this PR focused. Please trust that Shaun, myself, and the rest of the dev team have a plan for FEM, including whether or not to keep using oauth + passwords. When commenting on Zooniverse Issues or PRs marked as ready for review, please keep comments focused on blocking code such as bugs or best practices that might have been missed while being mindful we're a very small dev team. We do our best to address website bugs and respond to comments on Github, but are working with limited resources and Zooniverse is a large web platform. |
4c15f20
to
736a4eb
Compare
d1c6eec
to
78fd051
Compare
9d2092d
to
245060a
Compare
PR Update
TestingTesting Sign In:
Testing event listener system:
StatusDelilah, Mark, Travis: this PR is now ready for internal review and discussion. The signIn() code has been excessively documented to help us all understand the login process, so please drop a note if anything is unclear. This will also be part of the planned "authentication presentation" on the next dev frontend standup. Next steps:
|
|
||
const request3 = new Request(`https://panoptes-staging.zooniverse.org/oauth/token`, { | ||
body: JSON.stringify({ | ||
client_id: '535759b966935c297be11913acee7a9ca17c025f9f15520e7504728e71110a27', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apps like Community Catalogue, which use @zooniverse/panoptes-js
, will need to pass in their own client ID here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Roger's auth client used a pattern like
const myAuthClient = new AuthClient({ clientId })
which might work here too.
*/ | ||
} | ||
|
||
export { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You’ll need to change the package type to module
if you want to use export
in Node. PJC only runs in browsers but lib-panoptes-js
is used in Node and in browsers.
PR UpdateI've just merged PR #6527 to this branch, which adds a bunch of improvements:
|
…pdate docs for event listeners.
3932e00
to
18cb311
Compare
PR Overview
Package: lib-panoptes-js
Part of: replacing PJC with Panoptes JS
This PR is part of an experiment to remove PJC from FEM, replacing its functionality fully with making Panoptes JS (PanoptesJS? panoptes.js?)
This PR focuses on some small steps:
auth
, one bit of functionality at a time, into PanoptesJS'sexperimentalAuth
. We'll eventually turn experimentalAuth into auth once we're confident all the features are working.yarn dev
Dev Notes
store
variable that can be specified by the calling module/function.Status
Experimental WIP.