This repository has been archived by the owner on Jun 2, 2021. It is now read-only.
feat: anonymous access #82
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 14 commits
November 1, 2019 14:51
abutterworth
changed the title
davidjoy
reviewed
Nov 4, 2019
davidjoy
reviewed
Nov 4, 2019
davidjoy
approved these changes
Nov 4, 2019
robrap
reviewed
Nov 5, 2019
| @@ -0,0 +1,115 @@ | |||
| <a name="LoginRedirect"></a> | |||
There was a problem hiding this comment.
We should consider as part of future runway efforts:
- automatically generating and publishing to read-the-docs
- Not needing to check this in here.
src/AuthenticatedApiClient/tests/AuthenticatedApiClient.test.jsx
Outdated
Show resolved
Hide resolved
src/AuthenticatedApiClient/tests/AuthenticatedApiClient.test.jsx
Outdated
Show resolved
Hide resolved
src/AuthenticatedApiClient/tests/AuthenticatedApiClient.test.jsx
Outdated
Show resolved
Hide resolved
src/AuthenticatedApiClient/tests/AuthenticatedApiClient.test.jsx
Outdated
Show resolved
Hide resolved
robrap
approved these changes
Nov 5, 2019
abutterworth
pushed a commit
to edx/frontend-base
that referenced
this pull request
Nov 6, 2019
* feat: upgrade frontend-auth with anonymous access capability BREAKING CHANGE: Uses the new api offered by frontend auth. App.apiClient no longer has methods login, logout, getDecodedAccessToken or refreshAccessToken. Refer to edx/frontend-auth#82 for more info. * docs: typo * docs: update redirect description * fix: upgrade frontend-auth
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR allows unauthenticated requests to be made though the apiClient. There are breaking behavior changes. There are also breaking API changes as well as new functionality contained in this refactor.
New functionality:
getAuthenticatedUser: a function that gets the jwt token and returns user information. It will return null if the user is not authenticated. It will not perform a redirect, unlikeensureAuthenticatedUser.isPublicandisCsrfExemptoptions have been added to request configuration for axios requests (get, post, patch, etc). Setting these to true will prevent frontend-auth from attempting to refresh the jwt access token or a csrf token respectively.BREAKING CHANGES:
Behavior Change Frontend-auth intercepts outbound requests and attempts to refresh the jwt token if it does not exist or is expired. In the case of a 401 response indicating that the user is logged out, frontend auth will not redirect the user to login, and will allow the outbound request to proceed. Prior behavior: Upon receiving a 401 response, frontend-auth would block the request and redirect the user to login.
ensureAuthenticatedUsercontinues to redirect if the user is logged out.API Changes
getAuthenticatedAPIClienthas been renamed togetAuthenticatedApiClient. Note the capitalization changes: API > Api.redirectToLogout(formerlyapiClient.logout)redirectToLogin(formerlyapiClient.login)ensureAuthenticatedUser(formerlyapiClient.ensureAuthenticatedUser)See the updated README for more details.