Dumbcode Account #212

Open
Wyn-Price opened this issue May 10, 2022 · 0 comments
Labels: dev (The issue pertains to the private dev site), enhancement (New feature or request)

Wyn-Price commented May 10, 2022

Powered with a GitHub account.

Current flow of logging in:

  1. A random $state is generated and set in localStorage.
  2. User clicks the login button. This opens https://github.com/login/oauth/authorize?client_id=...state=$state
  3. GitHub then returns to the application callback URL https://dev.dumbcode.net/oauth/github with a $code and a $state.
  4. If $state does not match the localStorage state, throw an error and return.
  5. The oauth/github.html file then calls https://dev.dumbcode.net/oauth/go/github with that $code, which calls https://github.com/login/oauth/access_token with the URL params $code, $client_id and $client_secret, which returns the access token.
  6. The access token is set in localStorage, which the studio listens on.

The new flow of logging in would be exactly the same in stages 1-4:

  1. The oauth/github.html file then calls https://dev.dumbcode.net/oauth/github/login with that code, which calls https://github.com/login/oauth/access_token with the URL params $code, $client_id and $client_secret, which returns the GitHub access token. We then sign a JWT of the GitHub username (and other identifiable information).
  2. The signed JWT and the GitHub access token are then returned to the client, which saves both of them in localStorage.

Note that we can remove the GitHub access token part, and then log in for ANYTHING OAuth-based.
However, for now, just do GitHub, as it allows us to directly link tokens.
For example:
GitHub:

{
    "source": "github",
    "github_username":  "MyUsername"
}

Google:

{
    "source": "google",
    "google_email":  "MyEmail@gmail.com"
}

It's worth noting that the whole point of this is to allow for identification of the client. This opens the door to allowing certain users to have unlimited upload time on AWS for stuff like #210.
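The `$state` check from step 4 and the server-side JWT signing from the new flow, as an added sketch that is not the project's own code. It assumes HS256 over Node's built-in `crypto`, a one-hour expiry, and hypothetical helper names; the claim shape follows the JSON in the issue.

```javascript
// Added example, not DumbCode's code. Helper names, the HS256 choice and the
// one-hour TTL are assumptions; secrets used with it are constructed values.
const crypto = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");
const hmac = (data, secret) =>
  crypto.createHmac("sha256", secret).update(data).digest("base64url");

// Constant-time equality, used for the step 4 `state` check and for MACs.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Step 1: `state` must be unguessable, so draw it from a CSPRNG.
function newState() {
  return crypto.randomBytes(32).toString("base64url");
}

// Server: sign identity claims such as {source, github_username}.
function signIdentity(claims, secret, now = Date.now(), ttlSeconds = 3600) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ ...claims, iat, exp: iat + ttlSeconds }));
  return `${header}.${payload}.${hmac(`${header}.${payload}`, secret)}`;
}

// Server: returns the claims, or null for any malformed, forged or expired token.
function verifyIdentity(token, secret, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, mac] = parts;
  // Check the MAC before parsing anything the client controls.
  if (!safeEqual(mac, hmac(`${header}.${payload}`, secret))) return null;
  try {
    const h = JSON.parse(Buffer.from(header, "base64url").toString());
    if (h.alg !== "HS256") return null; // pin the algorithm server-side
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
    const nowSec = Math.floor(now / 1000);
    if (typeof claims.exp !== "number" || claims.exp <= nowSec) return null;
    return claims;
  } catch {
    return null;
  }
}
```

Since the client keeps the token in localStorage, every privileged endpoint has to call the verify function on each request and treat the claims as valid only when it returns non-null.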

@Wyn-Price Wyn-Price added enhancement New feature or request dev The issue pertains to the private dev site labels May 10, 2022