feat: implement API-based self-service flows #624

Merged: 167 commits from fix-385 into master, Sep 15, 2020
Conversation

aeneasr (Member) commented Aug 5, 2020

This is an umbrella PR for API-based self-service flows. This PR will include:

  • Fix docs links
  • Update quickstart
  • Website redirects:
    • self-service/flows/user-login-user-registration/username-email-password -> self-service/flows/user-registration
    • self-service/flows/user-login-user-registration/openid-connect-social-sign-in-oauth2 -> self-service/flows/user-registration
    • self-service/flows/user-login-user-registration -> self-service/flows/user-registration
    • self-service/flows/user-settings/user-profile-management -> self-service/flows/user-settings
    • self-service/flows/user-settings/change-password -> self-service/flows/user-settings
    • self-service/flows/user-settings/link-unlink-openid-connect-oauth2 -> self-service/flows/user-settings
    • self-service/flows/account-recovery/password-reset-recovery-link -> self-service/flows/account-recovery
  • Document high-level API and Browser flows in http://localhost:3000/kratos/docs/next/self-service
  • Fill out curl payloads once the quickstart is working again in http://localhost:3000/kratos/docs/next/self-service
  • Rename session.sid to session.id
    • Implement change
    • Update tests
    • Write Breaking Change
    • Update documentation
  • Implement session tokens
    • Issuance
    • Storage
    • Revocation
    • Checking HTTP Bearer Authorization for session tokens
    • Documentation
    • Document breaking change (sessions get removed)
  • An API-based login flow
    • Refactor initialize and fetch endpoints and add tests for all flow interactions
    • Support API flow in password strategy
    • Update documentation
    • Draw request flow for API based flows and document 200, 302, 400 for API and 302 for Browser interactions!
    • Update password strategy documentation
    • Update oidc strategy documentation and explain that API flows are not supported right now
    • Document change /self-service/browser/flows/strategies/oidc -> /self-service/methods/oidc in the big breaking change commit message
    • Document that CSRF cookies are no longer required for request fetching in the big breaking change commit message
  • An API-based registration flow
    • Refactor initialize and fetch endpoints and add tests for all flow interactions
    • Support API flow in password strategy
    • Update documentation
    • Draw request flow for API based flows and document 200, 302, 400 for API and 302 for Browser interactions!
    • Update password strategy documentation
    • Update oidc strategy documentation and explain that API flows are not supported right now.
    • Document change /self-service/browser/flows/strategies/oidc -> /self-service/methods/oidc in the big breaking change commit message
    • Document that CSRF cookies are no longer required for request fetching in the big breaking change commit message
  • Refactor Session Issuer Hook to work with API and Browser requests
    • Concept
    • Refactoring
    • Tests
    • Document behavior
  • An API-based settings flow
    • Support sudo mode
    • Refactor initialize and fetch endpoints and add tests for all flow interactions
    • Support API flow in password strategy
    • Support API flow in profile strategy
    • Update documentation
    • Draw request flow for API based flows and document 200, 302, 400 for API and 302 for Browser interactions!
    • Update password strategy documentation
    • Update profile strategy documentation
    • Update oidc strategy documentation and explain that API flows are not supported right now in the big breaking change commit message
    • Document that sudo mode doesn't keep state around for API flows because no cookies
  • An API-based verification flow
    • Refactor initialize and fetch endpoints and add tests for all flow interactions
    • Support API flow in link strategy
    • Update documentation
    • Draw request flow for API based flows and document 200, 302, 400 for API and 302 for Browser interactions!
    • Update link strategy documentation
      • Document that the link always needs to be opened in the browser and the success follow up is always setting up the password next in the browser after a redirect.
    • Write breaking change
  • An API-based recovery flow
    • Add flow methods to recovery flow in SQL, API
    • Implement strategy pattern
    • Migrate functionality to link strategy
    • Write breaking change
    • Update documentation
      • Rename verify-email-account-activation to account-activation-verification
  • Update wording from "login request" to "login flow" and update all routes, query parameters, SDKs.
    • Update documentation
    • Write breaking changes
    • Write SQL migrations
  • Update wording from "registration request" to "registration flow" and update all routes, query parameters, SDKs.
    • Update documentation
    • Write breaking changes
    • Write SQL migrations
  • Update wording from "settings request" to "settings flow" and update all routes, query parameters, SDKs.
    • Update documentation
    • Write breaking changes
    • Write SQL migrations
  • Update wording from "verification request" to "verification flow" and update all routes, query parameters, SDKs.
    • Update documentation
    • Write breaking changes
    • Write SQL migrations
  • Update wording from "recovery request" to "recovery flow" and update all routes, query parameters, SDKs.
    • Update documentation
    • Write breaking changes
    • Write SQL migrations
  • Write SQL Migration tests
  • e2e tests for API flows are not really possible in Cypress due to the browser context; Go integration tests should be enough
  • refactor login helper to use api and speed up e2e tests
  • Improve error responses for APIs (they include the flow!)
    • password: login, registration, settings
    • oidc: login, registration, settings
    • profile: settings
    • verification
    • link: recovery
  • link persister needs to rename request -> flow
  • Document new OIDC redirect URLs - they need to be updated and are breaking changes!!

Closes #385
Closes #635
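The description above plans session tokens (issuance, storage, revocation, checking `Authorization: Bearer`) next to the existing cookie-based browser flows, and notes that CSRF cookies are no longer required for API flows. The Go program below is an added example, not code from this PR or from Kratos: it shows why the two paths are handled differently. It assumes a hypothetical in-memory `SessionStore`, a hypothetical double-submit CSRF check (`X-CSRF-Token` header compared against a `csrf_token` cookie), and made-up cookie and route names.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// Flow records how the caller presented its session (hypothetical names, not Kratos types).
type Flow int

const (
	FlowBrowser Flow = iota // session cookie: sent automatically, so a CSRF token is required
	FlowAPI                 // Authorization: Bearer token: no ambient credential, no CSRF check
)

var ErrBadSession = errors.New("session missing, unknown, expired or revoked")
var ErrCSRF = errors.New("missing or mismatched CSRF token")

type Session struct {
	Identity  string
	ExpiresAt time.Time
}

// SessionStore is an in-memory store keyed by the SHA-256 of each token, so a dump of the
// store yields no usable bearer tokens. Not goroutine-safe; a real store needs a mutex or a DB.
type SessionStore struct{ byHash map[[32]byte]*Session }
func NewSessionStore() *SessionStore { return &SessionStore{byHash: map[[32]byte]*Session{}} }

// Issue mints a 256-bit random token; the plaintext is returned once and never stored.
func (s *SessionStore) Issue(identity string, ttl time.Duration) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	tok := base64.RawURLEncoding.EncodeToString(raw)
	s.byHash[sha256.Sum256([]byte(tok))] = &Session{Identity: identity, ExpiresAt: time.Now().Add(ttl)}
	return tok, nil
}

// Lookup resolves a token; unknown, revoked and expired tokens all fail with the same error.
func (s *SessionStore) Lookup(tok string) (*Session, error) {
	sess, ok := s.byHash[sha256.Sum256([]byte(tok))]
	if !ok || !time.Now().Before(sess.ExpiresAt) {
		return nil, ErrBadSession
	}
	return sess, nil
}

// Revoke deletes the session so later Lookups fail on both the cookie and the bearer path.
func (s *SessionStore) Revoke(tok string) { delete(s.byHash, sha256.Sum256([]byte(tok))) }

// Authenticate accepts either credential. Bearer is checked first: a client that can set a
// custom header is not a cross-site forgery, so that path needs no CSRF token. Cookies are
// attached by the browser to any request, so state-changing methods must also carry a CSRF
// token (double-submit: X-CSRF-Token header equals the csrf_token cookie; assumed scheme).
func (s *SessionStore) Authenticate(r *http.Request) (*Session, Flow, error) {
	if auth := r.Header.Get("Authorization"); strings.HasPrefix(auth, "Bearer ") {
		sess, err := s.Lookup(strings.TrimSpace(auth[len("Bearer "):]))
		return sess, FlowAPI, err
	}
	c, err := r.Cookie("session")
	if err != nil {
		return nil, FlowBrowser, ErrBadSession
	}
	sess, err := s.Lookup(c.Value)
	if err != nil {
		return nil, FlowBrowser, err
	}
	if r.Method != http.MethodGet && r.Method != http.MethodHead {
		csrf, err := r.Cookie("csrf_token")
		if err != nil || csrf.Value == "" ||
			subtle.ConstantTimeCompare([]byte(csrf.Value), []byte(r.Header.Get("X-CSRF-Token"))) != 1 {
			return nil, FlowBrowser, ErrCSRF
		}
	}
	return sess, FlowBrowser, nil
}

func main() {
	store := NewSessionStore()
	tok, _ := store.Issue("alice", time.Hour)
	api := httptest.NewRequest(http.MethodPost, "/self-service/settings", nil)
	api.Header.Set("Authorization", "Bearer "+tok)
	_, flow, err := store.Authenticate(api)
	fmt.Println("bearer token:", flow == FlowAPI, err)
	browser := httptest.NewRequest(http.MethodPost, "/self-service/settings", nil)
	browser.AddCookie(&http.Cookie{Name: "session", Value: tok})
	_, _, err = store.Authenticate(browser)
	fmt.Println("cookie without CSRF token:", err)
}
```

With `go run`, the bearer request is accepted without any CSRF material, the same session presented as a cookie on a POST is rejected until a matching `X-CSRF-Token` is supplied, and after `Revoke` both paths fail with the same error. Storing only the SHA-256 of each token is the example's own choice, made so that a leaked session table cannot be replayed as bearer tokens; whether Kratos does the same is not stated in this PR.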

@aeneasr aeneasr added feat New feature or request. package/session Affects session components package/selfservice/verification Affects verification components package/selfservice/password Affects the Password Self Service Strategy package/selfservice Affects selfservice components blocking Blocks milestones or other issues or pulls. breaking change Changes behavior in a breaking manner. labels Aug 5, 2020
@aeneasr aeneasr added this to In progress in Maintainer's Board via automation Aug 5, 2020
@aeneasr aeneasr self-assigned this Aug 5, 2020
@aeneasr aeneasr marked this pull request as draft August 5, 2020 08:56
@aeneasr aeneasr closed this Aug 5, 2020
Maintainer's Board automation moved this from In progress to Done Aug 5, 2020
@aeneasr aeneasr reopened this Aug 5, 2020
Maintainer's Board automation moved this from Done to In progress Aug 5, 2020
@aeneasr aeneasr force-pushed the fix-385 branch 2 times, most recently from c36bc97 to a005b82 on August 13, 2020 09:19
BREAKING CHANGE: This patch changes the OpenID Connect and OAuth2 ("Sign in with Google, Facebook, ...") Callback URL from `http(s)://<kratos-public>/self-service/browser/flows/strategies/oidc/<provider>` to `http(s)://<kratos-public>/self-service/methods/oidc/<provider>`. To apply this patch, you need to update these URLs at the OAuth2 Client configuration pages of the individual OpenID Connect providers (e.g. GitHub, Google).
# Conflicts:
#	.schema/api.swagger.json
#	docs/docs/milestones.md
#	identity/handler.go
#	internal/httpclient/client/admin/create_identity_parameters.go
#	internal/httpclient/client/admin/update_identity_parameters.go
@aeneasr aeneasr marked this pull request as ready for review September 13, 2020 13:00
@aeneasr aeneasr merged commit 4330095 into master Sep 15, 2020
Maintainer's Board automation moved this from In progress to Done Sep 15, 2020
@aeneasr aeneasr deleted the fix-385 branch September 15, 2020 11:22
Labels: blocking (Blocks milestones or other issues or pulls), breaking change (Changes behavior in a breaking manner), corp/m2 (Up for M2 at Ory Corp), feat (New feature or request), package/selfservice/password (Affects the Password Self Service Strategy), package/selfservice/verification (Affects verification components), package/selfservice (Affects selfservice components), package/session (Affects session components)

Linked issues this pull request closes: "Rename login/registration/recovery/... request to flow", "API Authentication"

1 participant