[App] Migrate authentication and refreshing to the SDK #21938
Conversation
This comment was marked as resolved.
This comment was marked as resolved.
Co-authored-by: Pascal Jufer <pascal-jufer@bluewin.ch>
There was a problem hiding this comment.
Noticed the share login as well as login via provider requiring a identifier didn't work. Therefore reverted that part resp. added separate requests for them for now.
Since the signature & request payload for the two cases above are actually quite different to the regular login, I think we need a new approach for the adaptation of the SDK login methods (e.g. credentials object as first param or overloading). Let's better do that in a separate PR where we can focus on that (potentially breaking) change.
Therefore this PR is no longer a breaking change.
All auth methods are working fine now:
- Default auth
- Local auth
- SSO auth
- LDAP auth (
identifier) - Share
- with password
- password-less
- Refreshing
- Logout
|
|
||
| await sdk.request(login()); | ||
| // To initialize auto-refresh | ||
| response = await sdk.refresh(); |
There was a problem hiding this comment.
This should just be setting the token and expiry received from the login instead of doing a 2 http call.
| const login = | ||
| <Schema extends object>(): RestCommand<AuthenticationData, Schema> => | ||
| () => { | ||
| const path = getAuthEndpoint(loginOptions.provider); | ||
| const data = { identifier, password, otp, mode: 'session' }; | ||
| return { path, method: 'POST', body: JSON.stringify(data) }; | ||
| }; |
There was a problem hiding this comment.
This options should be added to the SDK as sdk.login(identifier, pass, opts)
| await sdk.request(authenticateShare(share, password, 'session')); | ||
| // To initialize auto-refresh | ||
| response = await sdk.refresh(); |
There was a problem hiding this comment.
Why the old function and double http call? If the authentication handler doesnt work here that needs to be fixed instead of reverted/worked around.
| export type LoginOptions = { | ||
| /** The user's one-time-password (if MFA is enabled). */ | ||
| otp?: string; | ||
| /** Whether to retrieve the refresh token in the JSON response, or in a httpOnly cookie. One of `json`, `cookie` or `session`. Defaults to `cookie`. */ | ||
| mode?: AuthenticationMode; | ||
| /** Use a specific authentication provider (does not work for SSO that relies on browser redirects). */ | ||
| provider?: string; | ||
| }; |
There was a problem hiding this comment.
These comments are redundant
Fixes #20810
Scope
What's changed:
ofetchto handle interceptors in a similar way to axios while both are still in use.Potential Risks / Drawbacks
Review Notes / Questions