Add OAuth & Token Authentication #19
Conversation
Create OAuth service in API
Add convenience method for storing OAuth parameters
Hit /oauth/authenticate endpoint in server
Update authentication screen for error state
Add is_enabled flag to OAuth service
Add support for access tokens on legacy login
Remove duplicates of LAMP.configuration members
Use refresh token when access token expires
Revert authorization changes to keep compatibility with basic authentication
BIML-43 Update for Azure B2C compatibility
Fix multiple parallel token refreshes being allowed
Fix user not being logged out automatically when tokens can't be refreshed
| import { Demo } from "./service/Demo" | ||
| import { Fetch } from "./service/Fetch" | ||
|
|
||
| import { decode } from "jsonwebtoken" |
There was a problem hiding this comment.
I think we should keep LAMP-js clear of the actual OAuth/IdP stuff like JWTs, and instead offer alternate login methods where the API client user is expected to complete the IdP login and already have a long-lived (or short-lived!) token to provide instead of a password?
There was a problem hiding this comment.
That is to say, I think the extra functionality added here might belong in LAMP-dashboard only!
There was a problem hiding this comment.
For now, we will have API clients log into the dashboard to pull the mindLAMP access token and paste it into their code. We'll think of an OOB flow later.
| refreshToken: newAuth.refresh_token | ||
| } | ||
| }) | ||
|
|
||
| export class Fetch { |
There was a problem hiding this comment.
I think this is a much needed simplification of the Fetch class, thanks!
| access_token: string | undefined, | ||
| refresh_token: string | undefined, | ||
| } | ||
| export class OAuthService { |
There was a problem hiding this comment.
The sessionStorage stuff here seems more for the dashboard codebase instead? The LAMP-js library needs to be usable if a data scientist wants to use NodeJS for their data analysis/visualization dashboard/etc.
| } | ||
|
|
||
| const refreshToken = async (expiredToken: string) => |
There was a problem hiding this comment.
It feels to me like the token refresh is automated where users will never have an automatic logout issue (i.e. once they manually log in, they should stay logged in until manually logging out), but is that going to be the case?
There was a problem hiding this comment.
We should switch back to localStorage to avoid this issue - AFTER we consider the consequences of the native app's sessionStorage flow.
| @@ -1,63 +1,105 @@ | |||
| import LAMP from '../index' | |||
There was a problem hiding this comment.
I thought cyclic imports were not permitted - does this compile on older TS versions? (I suppose we don't need to worry about that technically though.)
mcurbelo-orangeloops
force-pushed
the
feature/oauth
branch
from
4eaa6a1
to
a468320
Compare
Add support for personal access tokens
bvescovi-orangeloops
force-pushed
the
feature/oauth
branch
from
50f619f
to
16bfe75
Compare
No description provided.