I do agree we could benefit from some pre-baked authentication helpers support for our supported frameworks. Would make embedding IDOM easier, especially when used in conjunction with #653
I've created a very rough draft of what session management might look like in IDOM: #771. I don't think I'm satisfied with the interface, but it should get the idea across and could be used as a starting point for anyone interested in contributing this feature.
Given that I'm unlikely to find the time to implement this any time soon (we should about adding more to the 1.0 roadmap) the best option is to, as @phihos has said, write up documentation on how to do this for each builtin backend. I'm unsure whether we should have the documentation written for a 1.0 release though. I'm leaning towards thinking we should since this seems like something that would come up pretty quickly for any new adopters.
@rmorshea, @phihos I really appreciate your efforts to show session / auth management. My current approach was to have the redirect endpoint (the endpoint you return to from the OAuth service) return a JS script which would set a cookie and redirect the client to an endpoint serving the app. e.g.
However this is not working. I never see the cookie on the /app request. I'm not sure which direction is best and was hoping you could provide some direction. Options:
I'm also struggling to split the boundary between what the server should do and what the browser should do. 🙏🏻 I would appreciate your insights and direction for how to best use IDOM for this sort of case. (small SPA + API, and avoiding creating two projects to do it)
Hi,
I hope this is the right place to ask this. Else I can also open an issue.
I am currently evaluating IDOM for a personal project and I like it a lot. You already have some nice examples helping me understand how to implement things with IDOM. One important aspect of my project is missing though:
What is the recommended way of doing authentication with IDOM?
The central problem to solve is how to establish a secure session over the websockets connection that is persistent across reloads.
A secondary objective is to achieve that with as little JavaScript as possible.
I already scanned all discussions for solutions and what I found was either doing auth the "traditional" way and then redirecting to a page with embedded IDOM or doing auth completely inside IDOM and losing the session on reload. Both are not great. Maybe I missed something but I could not find a definitive recommendation.
I think I might have found a pattern for how to do auth in IDOM via server-side sessions:
Implement a request middleware that sets a session cookie on the first response serving the initial HTML. That ensures the websockets connection always gets a valid session ID via the Cookie header. Then with use_request we can extract the session ID inside IDOM, retrieve the session data, check authentication info and either display a login form or the restricted page.
I propose that pattern as the recommended way of doing auth with IDOM since it is secure and easy to implement.
I already implemented a full example for Sanic (session and user persistence not included). In the README there is also a more in-depth explanation of my reasoning.
I am looking forward to getting feedback from you people on this approach 🙂
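
The session-cookie pattern described in the post above, sketched with only the Python standard library. This is an added example, not code from the post, its linked Sanic example or IDOM itself; the cookie name, the in-memory `SESSIONS` store and the header dicts are assumptions, and in IDOM the handshake headers would come from the request obtained with use_request.

```python
import secrets
from http.cookies import CookieError, SimpleCookie

SESSION_COOKIE = "session_id"  # assumed cookie name
SESSIONS = {}  # in-memory stand-in for a server-side session store


def read_session_id(headers):
    """Return the session ID from a Cookie header, or None if the server never issued it."""
    jar = SimpleCookie()
    try:
        jar.load(headers.get("cookie", ""))
    except CookieError:
        return None
    morsel = jar.get(SESSION_COOKIE)
    # Unknown IDs are rejected, never adopted, so a client cannot pick its own ID.
    if morsel is None or morsel.value not in SESSIONS:
        return None
    return morsel.value


def ensure_session(headers):
    """Middleware step for the initial HTML response: (session_id, Set-Cookie value or None)."""
    sid = read_session_id(headers)
    if sid is not None:
        return sid, None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": None}
    jar = SimpleCookie()
    jar[SESSION_COOKIE] = sid
    morsel = jar[SESSION_COOKIE]
    morsel["path"] = "/"
    morsel["httponly"] = True   # page JavaScript cannot read the ID
    morsel["secure"] = True     # sent over HTTPS/WSS only
    morsel["samesite"] = "Lax"
    return sid, morsel.OutputString()


def view_for(handshake_headers):
    """Decide what the component renders from the websocket handshake headers."""
    sid = read_session_id(handshake_headers)
    if sid is not None and SESSIONS[sid]["user"] is not None:
        return "restricted_page"
    return "login_form"


if __name__ == "__main__":
    sid, set_cookie = ensure_session({})          # first page load, no cookie yet
    ws = {"cookie": f"{SESSION_COOKIE}={sid}"}    # constructed handshake headers
    print(set_cookie, view_for(ws))
    SESSIONS[sid]["user"] = "alice"               # login succeeded inside the app
    print(view_for(ws), view_for({"cookie": "session_id=forged"}))
```

Because the authentication state lives in the server-side store keyed by the cookie value, a page reload opens a new websocket with the same Cookie header and lands on the same session.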