Implement support for Auth0 both in API and normal login #3125
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
henrikhorluck
force-pushed
the
feat/yeet-cognito
branch
2 times, most recently
from
b3310d9
to
b284b36
Compare
henrikhorluck
force-pushed
the
feat/yeet-cognito
branch
from
8a7fd08
to
81828b6
Compare
Design is a TODO, and now a _lot_ of stuff should be removed
Only exposed a single endpoint to make an invite-link to the slack workspace, but has been failing for who knows how long. Just remove it, essentially unused.
This was intended to be used as a new source-of-truth or something for the lists in Google Workspace. The sync was never implemented. We do not want more data sync. Remove it.
It is the _same_ as `.email`, and with the change to Auth0 we will only have one email on the accounts.
Now use .email
For some reason we had both `/profile/emails` and `/user/emails`, which appear to just duplicate functionality, while the `/user`-one allowed us to change it? Either way: we can already directly modify `.email` through e.g. UserUpdateViewSet, so no need to make a new endpoint.
The email-sending appears to not actually result in emails being sent? This should maybe have some more error-handling?
This is mostly relevant if you get directed after logout with Auth0
- Support creating a user with info from /userinfo
- Including from API-call by chaning DRF-auth to mozilla
- Username is a variant of the email, note that this might lead to
usernames that were previously invalid.
- Verify that access_token-audience is for us
- Do not call /userinfo on _every_ request, since we can find the user
from `sub`, but use it if we need to create a new user
- Update email if it has diverged when we have already gotten an
id_token (aka login directly to OW4)
henrikhorluck
force-pushed
the
feat/yeet-cognito
branch
from
38d40b0
to
65a7bc5
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes
Code Checklist
Visual changes
Before
After