Blazored / Gitter

A Blazor Gitter Client
MIT License

Needs proper Authentication #3

Open SQL-MisterMagoo opened 5 years ago

SQL-MisterMagoo commented 5 years ago

For now, this just uses an API key for the user auth.

It should log them in maybe?

chrissainty commented 5 years ago

I think it would be good to log in properly. From a usability point of view, it's what people will expect. I think asking everyone to go get an API key will be a turn off.

I assume if we implement the same login options as Gitter then we can do it all from client-side as it's all an OAuth flow?

Liques commented 5 years ago

Yes, asking for a token is not good. The process must be more automatic. If it's not a problem or if it was not started, I would like to try to take this task.

SQL-MisterMagoo commented 5 years ago

Hi @Liques

That's great - thanks for the offer - that would be really helpful.

The thing that made me hold off on doing this is that it is purely client side, and I am not confident how to do the whole Auth flow that way - I suspect CORS may be an issue.

I look forward to seeing how you get on, thanks!

Liques commented 5 years ago

You are right: CORS was an issue. :-(

I succeeded in getting the exchange token, but when I try to get the final access token there is a CORS error for which I found no solution...

At least the backend part looks ok, I will share it.

Update: Here is a branch with the complete attempt. https://github.com/Liques/Gitter/tree/corserror The first step is working well, the website is getting the exchange token with success. But the final step is not working.

SQL-MisterMagoo commented 5 years ago

I've done a bit of searching of the gitterhq/api channel and the advice over and over again seems to be "just use your personal token", so I don't think they are likely to address the CORS issue.

I'll see if anyone has any ideas on how to handle this.

Liques commented 5 years ago

On the server project I succeeded in authenticating today. Maybe it's very hard to make it work in a full client-side browser client. Take a look at this workaround: https://gitlab.com/gitlab-org/gitter/webapp/issues/543

Liques commented 5 years ago

I took another look at this issue. I realized that it is not possible to make this work without specific support in the API for client-side applications. The Google API, for example, supports it: https://developers.google.com/identity/protocols/OAuth2UserAgent

But the Gitter API has no support. It was requested some years ago and has not been developed yet: https://gitlab.com/gitlab-org/gitter/webapp/issues/533

The only way I see to overcome this problem is to deploy a microservice specific to this software. But I agree that for this time, taking the personal token is ok. :-)
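The microservice approach suggested in the last comment, as an added example that is not part of this thread or of the Blazored.Gitter project: a minimal ASP.NET Core service that performs the code-for-token exchange server-side, so the browser never calls the token endpoint (the request that hit CORS above) and the client secret never ships to the client. The Gitter endpoint URLs, the `Gitter:ClientId`, `Gitter:ClientSecret` and `Gitter:RedirectUri` configuration keys, and the JSON shape of the token request are assumptions.

```csharp
// Added example (not the Blazored.Gitter project's code). Assumes .NET 6+ minimal APIs,
// the Gitter OAuth endpoints below and the Gitter:* configuration keys.
using System.Collections.Generic;
using System.Net.Http.Json;
using System.Security.Cryptography;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddHttpClient();
builder.Services.AddDistributedMemoryCache();
builder.Services.AddSession();
var app = builder.Build();
app.UseSession();
var cfg = app.Configuration;

// Step 1: send the user to Gitter with a random state bound to this session.
app.MapGet("/auth/login", (HttpContext ctx) =>
{
    var state = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
    ctx.Session.SetString("oauth_state", state);
    var url = "https://gitter.im/login/oauth/authorize" +          // assumed endpoint
              $"?client_id={Uri.EscapeDataString(cfg["Gitter:ClientId"]!)}" +
              $"&redirect_uri={Uri.EscapeDataString(cfg["Gitter:RedirectUri"]!)}" +
              $"&response_type=code&state={state}";
    return Results.Redirect(url);
});

// Step 2: Gitter redirects back with ?code=...&state=...; exchange the code here.
app.MapGet("/auth/callback", async (HttpContext ctx, string code, string state,
                                    IHttpClientFactory factory) =>
{
    // Reject callbacks whose state was not issued to this session (login CSRF).
    if (state != ctx.Session.GetString("oauth_state"))
        return Results.BadRequest("state mismatch");
    ctx.Session.Remove("oauth_state");

    var resp = await factory.CreateClient().PostAsJsonAsync(
        "https://gitter.im/login/oauth/token",                      // assumed endpoint
        new
        {
            client_id = cfg["Gitter:ClientId"],
            client_secret = cfg["Gitter:ClientSecret"],             // stays on the server
            code,
            redirect_uri = cfg["Gitter:RedirectUri"],
            grant_type = "authorization_code",
        });
    if (!resp.IsSuccessStatusCode) return Results.StatusCode(502);

    var token = await resp.Content.ReadFromJsonAsync<Dictionary<string, string>>();
    // Keep the access token in the server-side session instead of handing it to browser code.
    ctx.Session.SetString("gitter_token", token!["access_token"]);
    return Results.Redirect("/");
});

app.Run();
```

The Blazor client then calls this service (which holds the token) rather than the Gitter API directly, so no personal token has to be pasted in and no secret is exposed client-side.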