You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 5, 2023. It is now read-only.
@nprail sure, anything would help. There's probably a lot that won't work since we can't use the Crypto API from node.js (I'm assuming we'll have to sign some JWTs for Google).
But we already have the sjcl package which can probably do a lot of what we need. Until we have a more complete Crypto API (from the Web API.)
It was a POC for improving auth on Surge.sh so some things would have to be modified. For example, it doesn't do Google login. It just has a static username and password in it. I think the login server piece of the POC can be completely replaced by an OAuth provider.
This is the basic flow:
The user goes to a password protected site (e.g. protected.example.com)
The user is redirected to the Login Server and logs in (which redirects to Google or any other provider for login)
The user is redirected back to protected.example.com with the new JWT token stored in a cookie
The JWT token is then used to verify that the user has access to the site
Protect some routes via a 3rd party auth system (in this case: Google.)
We had that with the old platform (sites), pretty sure it would still be useful.
The text was updated successfully, but these errors were encountered: