Add configurable authentication#758
Conversation
6ff874a to
cd02de7
Compare
|
One thing I tried to do with this is to allow users to not have to click on a login button if there is only a single login type configured. I realized, however, that if the login flow opens a popup window, like with Google or Microsoft, then without the explicit user interaction of clicking on the login button, the browser blocks the popup window. I therefore made it so that users can skip clicking a login button only if there is a single login type configured and it doesn't need a popup window (which only applies to guest login for the built-in types, but could apply to custom auth types). |
|
I tried this out with a custom plugin. I manually added the header import Plugin from "@jbrowse/core/Plugin";
import type PluginManager from "@jbrowse/core/PluginManager";
import type { Request } from "express";
import { version } from "../package.json";
export default class ApolloCustomAuthPlugin extends Plugin {
name = "ApolloCustomAuthPlugin";
version = version;
apolloInstall(pluginManager: PluginManager) {
pluginManager.addToExtensionPoint(
"Apollo-RegisterCustomAuth",
(
customAuths: Map<
string,
{
message: string;
needsPopup: boolean;
handler: (
request: Request,
) => Promise<{ name: string; email: string }>;
}
>,
) => {
customAuths.set("custom", {
message: "Sign in with Custom Auth",
needsPopup: false,
handler: async (request: Request) => {
const remoteUser = request.headers['x-apollo-custom'];
if (!remoteUser || Array.isArray(remoteUser)) {
throw new Error("Invalid remote user");
}
const [name, email] = remoteUser.split(";");
return { name, email };
},
});
return customAuths;
},
);
}
}Now I need to see if this works for a more complicated login type, e.g. an Oauth provider that's not Google or Microsoft. |
e52b4cc to
ecbfe8e
Compare
|
This now includes documentation on how to use the extension point (preview here) and a link to an example repo that adds ORCID login to Apollo 3: https://github.com/GMOD/jbrowse-plugin-apollo-orcid-login |
This only works if there is a single login type configured and it does not need a popup login window (currently only the guest login).
18f70eb to
ad0fc92
Compare
This adds an extension point for configurable authentication. Draft for now, more info to come if this idea ends up working out.