-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication #70
Authentication #70
Conversation
50969ed
to
1f65a33
Compare
0bac919
to
1cca6f6
Compare
94af961
to
369a74b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Checked for big picture stuff.
I'm not very well-versed in angular/OIDC things, but to me the logic and structure looks solid 👍🏻
Not going to approve per-request, will do more thorough review on request :)
Will also check back now and then between doing other things to see if I notice anything 👍🏻
621f642
to
677af74
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tried out your branch and there's some stuff that isn't working.
Otherwise great work, this is looking very promising!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! As discussed in meeting, this maybe needs further improvements, such as the error handling and whatnot.
Let's merge it for now and keep improving in future PRs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work! 👍🏻
While working with https://web.dev/cross-origin-resource-sharing/#share-credentials-with-cors type requests i realised that 'Access-Control-Allow-Origin: *' was not allowed. I have not yet found a great way of handling these headers with angular. This seems the best way- however it does not seem compatible with our current config.
Based on motivation from #101: The rfc4648.js author was kind enough to publish an update with the license: swansontec/rfc4648.js#18 This makes `npm run collect-licenses` work.
This reverts commit f567df1.
CHANGELOG.md
file, according to docs:https://iver-wharf.github.io/#/development/changelogs/writing-changelogs
Although we may consider making this a major change instead of a patch to make it easier to track this inclusion.
Summary
This adds authentication to the frontend. While this change in itself does not cause any breaking change its a fairly big version change. When the backend is set to validate OIDC tokens this branch is required as it allows the sending of OIDC tokens which will bypass the unauthorised issued that occurs otherwise.
Introduces pages/routes:
We should consider implementing some of the following:
Motivation
Authentication is a requested feature. See more about the initial plan and requirements set fourth by the RFC 13 - Authentication