Use authCode from config again #150
Conversation
|
If you update the magister-openid version to 0.1.5 in this PR, the whole authentication side of the project should work again. |
|
@idiidk Done! |
|
Sorry for the late reply, usual university stuff. With a bit of Sinterklaas mixed in. What I don't understand: 0.1.4 was released 2 months ago but since that was a breaking change didn't that break magisterjs?
I was (as many people are to my knowledge) contacted my Magister and asked to shut the "circumvention" (authcode retrieval, whatever you want to call it) down. Magister.js is now to be used with an authcode provided by the user, which you can get on several ways. But I just won't provide any. I would still get the official API documentation as to keep the package up-to-date all the time, since it can of course be used in officially certified projects, and since I don't have a Magister account so I can't test the package and dissect the API for myself. But they haven't still sent it to me after months. If you find some things suboptimal with the state of magisterjs I invite you to fork it, so you don't have to wait on my slow replies all the time ;) |
|
A new version has been published: https://github.com/simplyGits/MagisterJS/releases/tag/2.0.0-alpha.13 |
|
Thanks @lieuwex !
Yep, it did break MagisterJS (master branch), but only if you installed after 0.1.4 was released. If you did not update your (sub)dependencies, it would still use 0.1.3 or 0.1.2 and still work. Also, this was only true for an install from master. The latest npm release (then 2.0.0-alpha.12) did not yet use magister-openid, so it only broke a few days ago when the challenge URLs were changed from
So if I understand correctly, the Magister website uses its own authcode, that changes periodically (to prevent abuse) and you can get your own (static) authcode from Iddink? Are they a bit easy/quick to give out authcodes? For stuff like simple personal automation projects instead of general purpose Magister-based applications.
I used my own fork in the meantime, but will now switch back to the npm release. |
|
Ah I see, thanks the for explanation.
I don't know, Their thought was that if you've built an app you can show it to them and they would check if it has enough security considerations. If that's the case they would give you permission to use their API. But I've tried to convince them that his is a chicken-and-egg problem, since you'd need API access first to create an app to show. I can't tell if they've gone through with that plan or not, you should contact them. |
After the switch to magister-openid, the given authCode was no longer used, since magister-openid had its own (outdated) authCode. This has since been fixed in v0.1.4 with a breaking change requiring to pass along the authCode.
This PR fixes the backwards incompatibility by requiring at least 0.1.4 and passes the authCode along to magister-openid.
The reason we need to be able to pass an authCode is that magisterjs-authcode is no longer updated, see simplyGits/magisterjs-authcode#4. Any idea why that is? I had to create my own automatic authcode update tool (https://github.com/robbertkl/magister-authcode).