Skip to content
This repository has been archived by the owner on Dec 1, 2017. It is now read-only.

Implement an auth solution for publish #480

Open
gideonthomas opened this issue May 27, 2015 · 5 comments
Open

Implement an auth solution for publish #480

gideonthomas opened this issue May 27, 2015 · 5 comments
Assignees
@sedge
Labels
thimble

Comments

@gideonthomas
Copy link
Contributor

We use passport.js for authentication so that we can make it pluggable. Currently we support multiple ways to authenticate with makedrive such as github, facebook, etc. This is done by us writing "passport-strategies" to make use of these apis.

Right now, we have one for the old login.webmaker.org system, however, since id.webmaker.org is what's used now, we need to write a strategy (and provider I think) for that. Passport.js provides some oauth2 providers that we might be able to make use of to help us code the provider for id.webmaker.org.

A good person to find out more information from re: this is @alicoding since he wrote most of the existing code.
@sedge
Copy link
Contributor

sedge commented May 27, 2015

@gideonthomas Where does authentication take place with the current system? Does makedrive pick up on the webmaker auth cookie and use that to confirm a valid user?

@gideonthomas
Copy link
Contributor Author

I'm pretty sure none of that logic is handled by makedrive. I believe that makedrive receives a token from the hosting app which is sent to the server and is handled by the passport.js stuff which honestly is sorta a black box to me.

@alicoding
Copy link
Collaborator

I've done the work on the front-end mostly, so the right person to ask would be @cadecairos

@cadecairos
Copy link

a good resource to have while writing a strategy would be https://github.com/mozilla/id.webmaker.org/blob/develop/docs/oauth.md

I'm not familiar with passport, so your best bet is their docs

@sedge
Copy link
Contributor

sedge commented May 28, 2015

Initial research into this has surfaced the problem of how to prove the user is authenticated. If this was webmaker, we'd be relying on a cookie to allow a user to interact with makedrive in a seamless manner. There's no such mechanism without webmaker-auth.

The most straightforward solution for thimble is to authenticate through the websocket, rather than before one is opened. Thimble could request a token from makedrive and pass it along to the user, who puts it through the websocket as the first message. We tried something similar with makedrive in the past.

This would mean dropping passportjs entirely from the publish server instance of makedrive.

My guess is that a more general SSO solution will be needed. Follow the discussion in mozilla/thimble.webmaker.org#534 to see how this unfolds.

@sedge sedge changed the title Integrate id.webmaker.org Implement an auth solution for publish May 28, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@sedge sedge

Labels
thimble
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@cadecairos @sedge @alicoding @gideonthomas