New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[App] Migrate authentication and refreshing to the SDK #21938
Conversation
This comment was marked as resolved.
This comment was marked as resolved.
Co-authored-by: Pascal Jufer <pascal-jufer@bluewin.ch>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Noticed the share login as well as login via provider requiring a identifier
didn't work. Therefore reverted that part resp. added separate requests for them for now.
Since the signature & request payload for the two cases above are actually quite different to the regular login, I think we need a new approach for the adaptation of the SDK login
methods (e.g. credentials
object as first param or overloading). Let's better do that in a separate PR where we can focus on that (potentially breaking) change.
Therefore this PR is no longer a breaking change.
All auth methods are working fine now:
- Default auth
- Local auth
- SSO auth
- LDAP auth (
identifier
) - Share
- with password
- password-less
- Refreshing
- Logout
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes requested if it wasnt merged, these authentication methods need to be fixed instead of working around them for our app only.
|
||
await sdk.request(login()); | ||
// To initialize auto-refresh | ||
response = await sdk.refresh(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should just be setting the token and expiry received from the login instead of doing a 2 http call.
const login = | ||
<Schema extends object>(): RestCommand<AuthenticationData, Schema> => | ||
() => { | ||
const path = getAuthEndpoint(loginOptions.provider); | ||
const data = { identifier, password, otp, mode: 'session' }; | ||
return { path, method: 'POST', body: JSON.stringify(data) }; | ||
}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This options should be added to the SDK as sdk.login(identifier, pass, opts)
await sdk.request(authenticateShare(share, password, 'session')); | ||
// To initialize auto-refresh | ||
response = await sdk.refresh(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why the old function and double http call? If the authentication handler doesnt work here that needs to be fixed instead of reverted/worked around.
export type LoginOptions = { | ||
/** The user's one-time-password (if MFA is enabled). */ | ||
otp?: string; | ||
/** Whether to retrieve the refresh token in the JSON response, or in a httpOnly cookie. One of `json`, `cookie` or `session`. Defaults to `cookie`. */ | ||
mode?: AuthenticationMode; | ||
/** Use a specific authentication provider (does not work for SSO that relies on browser redirects). */ | ||
provider?: string; | ||
}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These comments are redundant
Fixes #20810
Scope
What's changed:
ofetch
to handle interceptors in a similar way to axios while both are still in use.Potential Risks / Drawbacks
Review Notes / Questions