feat: add manual linking APIs #1317

Merged
merged 14 commits into from
Nov 29, 2023

@kangmingtay kangmingtay commented Nov 22, 2023

What kind of change does this PR introduce?

  • Adds a new endpoint GET /user/identities/authorize which is an endpoint to initiate the manual linking process and can only be invoked if the user is authenticated
  • GET /user/identities/authorize functions similarly to GET /authorize where the user needs to log in to the new OAuth identity in order to link the identity
  • Example

```
// sign in with one of the supported auth methods to get the user's access token JWT first

// start the identity linking process
$ curl -X GET "http://localhost:9999/user/identities/authorize?provider=google" -H "Authorization: Bearer ACCESS_TOKEN_JWT"

{"url":"https://oauth_provider_url.com/path/to/sign-in"}

// visit the url returned and log in to the oauth provider
// request will be redirected to the /callback endpoint

// if the identity is successfully linked, the request will be redirected to `http://localhost:3000/#access_token=xxx&....`

// if the identity already exists, the request will be redirected to:
// http://localhost:3000/?error=invalid_request&error_code=400&error_description=Identity+is+already+linked+to+another+user#error=invalid_request&error_code=400&error_description=Identity+is+already+linked+to+another+user
```

Details

  • The callback endpoint used will be the same callback as the oauth sign-in flow so that the developer doesn't have to add any additional callback URLs to the oauth provider in order to enable manual linking
  • A special field LinkingTargetId is introduced in the oauth state to store the linking target user ID. This ID will be used in the callback to determine the target user to link the candidate identity used
  • If the identity is already linked to the current user or another user, an error will be returned
  • If the identity doesn't exist, then it will be successfully linked to the existing user and a new access & refresh token will be issued.
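
The callback rules listed above, as an added Go example that is not code from this PR or the project: it assumes an HMAC-signed state string and hypothetical names (`signState`, `handleCallback`, `linkIdentity`, `errAlreadyLinked`), with an in-memory map standing in for the identities table. It shows the linking target being accepted only from a state whose integrity check passes, and an identity that already has an owner being rejected.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Names and state format below are assumptions of this example, not the project's.
var errAlreadyLinked = errors.New("identity is already linked")

func mac(key []byte, msg string) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return base64.RawURLEncoding.EncodeToString(h.Sum(nil))
}

// signState runs at authorize time; the target comes from the verified access token.
func signState(key []byte, provider, linkingTargetID string) string {
	p := base64.RawURLEncoding.EncodeToString([]byte(provider + "|" + linkingTargetID))
	return p + "." + mac(key, p)
}

// linkIdentity rejects an identity that already has any owner, otherwise links it.
func linkIdentity(owners map[string]string, provider, subject, target string) error {
	if _, taken := owners[provider+":"+subject]; taken {
		return errAlreadyLinked
	}
	owners[provider+":"+subject] = target
	return nil
}

// handleCallback uses the linking target only after the state MAC verifies.
func handleCallback(key []byte, owners map[string]string, state, subject string) error {
	p, tag, ok := strings.Cut(state, ".")
	raw, err := base64.RawURLEncoding.DecodeString(p)
	if !ok || err != nil || !hmac.Equal([]byte(tag), []byte(mac(key, p))) {
		return errors.New("invalid state")
	}
	provider, target, _ := strings.Cut(string(raw), "|")
	return linkIdentity(owners, provider, subject, target)
}

func main() { // constructed sample values
	key := []byte("constructed-demo-key")
	fmt.Println(handleCallback(key, map[string]string{}, signState(key, "google", "user-1"), "sub-123"))
}
```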

@kangmingtay kangmingtay requested a review from a team as a code owner November 22, 2023 05:58
@hf hf left a comment

Would appreciate at least one test to exercise linkIdentityToUser which can be tested in isolation, no need for a whole request-response setup.

@hf hf left a comment

Yes!

@kangmingtay kangmingtay merged commit 80172a1 into master Nov 29, 2023
2 checks passed
@kangmingtay kangmingtay deleted the km/feat-link-identity branch November 29, 2023 22:26
🎉 This PR is included in version 2.121.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@mosnicholas
Is it possible to test this locally? It doesn't seem as though any set of env variables or config.toml changes enable us to :(
