-
Notifications
You must be signed in to change notification settings - Fork 187
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ability to login to a dev endpoint that uses a self-signed cert #40
Conversation
How about logging into dev servers like this:
|
That's not a bad idea. Client id is rather long, so having to type that into the command line every time would be a pain. I guess users can create an env variable to hold that. https:// can be assumed and dropped. Also, how to handle self-signed certs? One option is use the additional dev endpoint, like I have done and allow self-signed certs for it. Another option is to assume that if the third command line argument is not a known endpoint, it's a dev endpoint with the specified connection params. Third option is to allow self-signed certs for all endpoints, which is bad. I like the first option, which makes things more explicit:
|
I was thinking drop the
|
Dropping dev is fine. Why not assume HTTPS and drop it from the command line URL? We have to break apart the URL anyway, since we need to use CLIENTID in a param and add the /services/oauth2/authorize to construct the actual login URL. I don't see a use case where a user might want to run this over HTTP (in fact, oauth2 requires HTTPS). |
Dropping the https:// is fine with me, though you should probably make it work either way since often pasted URLs include it unexpectedly. |
I think if we are going to go this direction we should consider change the On Tue, Nov 26, 2013 at 11:31 AM, Eli Levine notifications@github.comwrote:
Thanks, |
Wouldn't usename/password flow require exposing the Oauth client secret in the open codebase? |
Ignorant wishful thinking here, would user/pass flow with SF.identity 2factor token be possible? -- On November 26, 2013 at 2:37:21 PM, Dave Carroll (notifications@github.com) wrote: I think if we are going to go this direction we should consider change the On Tue, Nov 26, 2013 at 11:31 AM, Eli Levine notifications@github.comwrote:
Thanks, |
Good point David, will discuss on a different issue. On Tue, Nov 26, 2013 at 11:38 AM, Kevin Poorman notifications@github.comwrote:
Thanks, |
Direct un/pw login (i.e. without any OAuth) is also possible with the SOAP API. Its not really recommended anymore, but if you want to avoid storing secrets in the client, its an option. |
@ryanbrainard I've got something coded up for using the SOAP login.
After the login is successful, the correct REST endpoint is constructed to the ID and that user data is retrieved, converging back to the REST login flow. |
@dcarroll does it also work with non-production, non-test login URLs (i.e. internal dev/testing instances)? |
As well as the current OAuth does. I don't think we took the pull request On Tue, Dec 10, 2013 at 12:58 PM, Ryan Brainard notifications@github.comwrote:
Thanks, |
Yup, so I fixed it to work on non production too
As long as the hostname can be resolved. It does pose an issue with the certificate validation though. Not sure how to solve that. |
@dcarroll I have a great use case for adding the username/pw flags. I have an object that exists in multiple orgs collecting the same type of data on an org by org basis. I want to write a bash script that involves logging into multiple orgs, running a SOQL query on the same object, pulling down the data into a CSV and merging it together. Unfortunately, right now I have to go through the browser authorization process which I can't automate across multiple orgs without the username/pw flags. Any chance this pull request will get in there? |
(Issue #39)