Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check for/ DWYL_API_KEY before AUTH_API_KEY #14

Closed
5 tasks done
nelsonic opened this issue Apr 27, 2020 · 2 comments
Closed
5 tasks done

Check for/ DWYL_API_KEY before AUTH_API_KEY #14

nelsonic opened this issue Apr 27, 2020 · 2 comments
Assignees
@nelsonic
Labels
enhancement priority-2 T2h technical

Comments

@nelsonic
Copy link
Member

nelsonic commented Apr 27, 2020
edited
Loading

At present we are using SECRET_KEY_BASE as our single environment variable:

auth_plug/.env_sample

Line 1 in 1ebb609

export SECRET_KEY_BASE=2PzB7PPnpuLsbWmWtXpGyI+kfSQSQ1zUW2Atz/+8PdZuSEJzHgzGnJWV35nTKRwx

Which is then used in:

auth_plug/lib/token.ex

Line 7 in 1ebb609

@secret System.get_env("SECRET_KEY_BASE")

As part of our Quest to only have a Single Environment Variable to run the App on localhost dwyl/auth#42 we need to use that variable in our Token module.

Todo

  • Check for DWYL_API_KEY as the @secret in Token module
  • Test for it! 💯
  • Split the DWYL_API_KEY on / and
    • use the second half (corresponding to the client_secret) to verify the JWT
    • If JWT verification fails, send the first half of the DWYL_API_KEY (corresponding to the client_id) as the client_id in the URL query param so that the Auth App can verify it.
@nelsonic nelsonic mentioned this issue Apr 27, 2020
Closed
4 tasks
@nelsonic nelsonic self-assigned this Apr 27, 2020
@nelsonic nelsonic added the T2h label Apr 27, 2020
@nelsonic nelsonic changed the title Check for/ DWYL_API_KEY before SECRET_KEY_BASE Check for/ DWYL_API_KEY before AUTH_API_KEY Apr 27, 2020
nelsonic added a commit that referenced this issue Apr 27, 2020
@nelsonic
create api_key/0 client_id/0 and client_secret/0 functions for #14
aea0a83
nelsonic added a commit that referenced this issue Apr 27, 2020
@nelsonic
use AuthPlug.Token.client_id in redirect_to_auth/2 #14
dd7975c
nelsonic added a commit that referenced this issue Apr 27, 2020
@nelsonic
add AUTH_API_KEY to .env_sample for #14
94ff6d5
nelsonic added a commit that referenced this issue Apr 27, 2020
@nelsonic
add test for api_key/0 with DWYL_API_KEY #14 💯
b612845
@nelsonic
Copy link
Member Author

auth_plug/lib/token.ex

Lines 17 to 21 in b612845

def api_key do
if not is_nil(System.get_env("DWYL_API_KEY")),
do: System.get_env("DWYL_API_KEY"),
else: System.get_env("AUTH_API_KEY")
end

auth_plug/lib/auth_plug.ex

Lines 160 to 167 in b612845

defp redirect_to_auth(conn, opts) do
baseurl = AuthPlug.Helpers.get_baseurl_from_conn(conn)
to =
opts.auth_url <>
"?referer=" <>
URI.encode(baseurl <> conn.request_path) <>
"&client_id=" <> AuthPlug.Token.client_id

@nelsonic
Copy link
Member Author

I've got this working. Closing. ✅

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nelsonic nelsonic

Labels
enhancement priority-2 T2h technical
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nelsonic