Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is it a way not make Github call directly backend, but let Github call frontend first, and frontend call gh-auth-complete in backend and pass code? #91

Closed
j4nos opened this issue Oct 5, 2022 · 2 comments
Closed

Is it a way not make Github call directly backend, but let Github call frontend first, and frontend call gh-auth-complete in backend and pass code? #91

j4nos opened this issue Oct 5, 2022 · 2 comments

Comments

@j4nos
Copy link

j4nos commented Oct 5, 2022
edited

I did setup Imperial as tutorial says, but when a GET is sent with http://localhost:8080/gh-auth-complete?code=1c529782861a44782488 then it refuses, it does not have access-token.

My frontend and backend is separated. I would use Oauth 2.0 in the official way, Github -> frontend -> backend.

Is it possible to pass only code and check its validity in a next communication sequence?

oauth
@j4nos j4nos changed the title Is it a way not make Github call directly gh-auth-complete endpoint, but call frontend first, and frontend call gh-auth-complete in backend and pass code? Is it a way not make Github call directly gh-auth-complete endpoint, but let Github call frontend first, and frontend call gh-auth-complete in backend and pass code? Oct 5, 2022
@j4nos j4nos changed the title Is it a way not make Github call directly gh-auth-complete endpoint, but let Github call frontend first, and frontend call gh-auth-complete in backend and pass code? Is it a way not make Github call directly backend, but let Github call frontend first, and frontend call gh-auth-complete in backend and pass code? Oct 5, 2022
@0xTim
Copy link
Member

0xTim commented Oct 5, 2022

No if you want that functionality you'd need to implement it yourself

@0xTim
Copy link
Member

0xTim commented Oct 10, 2022

Also, to clarify - GH calls the URL that you specify in the redirect. You probably want to handle it all in the backend to keep it secure then pass a user/token/success to the front end when complete

@0xTim 0xTim closed this as not planned Won't fix, can't repro, duplicate, stale Oct 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@0xTim @j4nos