-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create user login/logout component #15
Comments
ORCID also supports OpenID Connect but this extension to OAuth is less common so basic OAuth Web application flow, as provided and documented by GitHub may be better. If the application has authorize a user against GitHub we can store the GitHub user name (as URL) as mapping creator. The backend needs to be passed the access token to verfiy that the user is who it claims to be. |
See also:
Each of these examples also has a branch "mongo" that shows how to persist the session in a MongoDB (possibly needed for the backend). |
I just noticed that we will probably need to implement a separate login backend on our own anyway. As far as I understand, all three (Wikimedia, ORCID, GitHub) need a client identification (i.e. secret keys) to be able to use OAuth, and these "secret" keys would have to be exposed if we wanted to do it client side only. Also, OAuth uses a callback URL, meaning a URL that will be called after successful authentication, and with a client side application, we can't do that. We would have to use implicit identification via the origin of the request (so we would have to allow all our Cocoda instances to use the API) and let the backend do all the OAuth stuff. Correct me if I'm wrong though, I haven't tried to implement this yet. |
- Currently there is no support for using authorized endpoints. - Basic authentication is only used until a proper login server is implemented.
Will be continued in #273. |
A simple login/logout dialog without backend is enough to start with. Next iteration could authenticate against via OAuth2 before having our own backend. The most relevant identify providers are:
The text was updated successfully, but these errors were encountered: