This repository has been archived by the owner on Sep 13, 2019. It is now read-only.
Closed loop update to make goggles use id.wmo and publish.wmo #202
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // oauth login confirmation page | ||
| app.get("/login-confirmation.html", csp, function(req, res) { | ||
| res.render("login-confirmation.html", { | ||
| audience: env.get("audience"), |
There was a problem hiding this comment.
these options can probably go, since id.wmo is restful
Pomax
changed the title
| document.addEventListener("focus", function() { | ||
| if (!checked) { | ||
| checked = true; | ||
| var authToken = localStorage["goggles-auth-token"]; |
There was a problem hiding this comment.
.getItem() or am I missing some wrapper lib?
There was a problem hiding this comment.
Actually native JS API: both localStorage["key"] and localStorage.getItem("key") do the same thing (for removals, though, you want removeItem rather than the more base JS delete)
Pomax
changed the title
|
closing, to merge into develop instead. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is going to need some UX design done in order to get the user flow to feel right. The login concept itself is similar to what discourse.webmaker.org does. Because users cannot be redirected from the page they're working on without losing all their work, attempting to login when you want to publish (the publish dialog is an iframe with a goggles-hosted content) spawns a new window/tab to id.webmaker.org, which users run through in order to become authenticated. The last step in the authentication process redirects them to a login status page running on the same goggles domain as the publish dialog, and sets the login token as a persistent value (using localStorage rather than a cookie). When the publish dialog sees this token existing, it queries id.webmaker.org for the user information associated with the auth token, and can change its UI to give the user the ability to publish their content via the goggles publish route.
Note: this PR only covers the id.wmo oauth2 login, and does not cover publishing or surfacing publishing UI once the user is authenticated.