CenterForDigitalHumanities / TPEN3

3.0 Release of the transcription tool from the Center for Digital Humanities

New /login endpoint #45

Open cubap opened 5 days ago

cubap commented 5 days ago

Is your feature an extension/update of a feature currently at t-pen.org?

Summarize your proposed feature or solution

Related to https://github.com/CenterForDigitalHumanities/TPEN3/issues/36 

A /login endpoint will allow an external application to direct a user to 
`https://three.t-pen.org/login?returnTo={URL}` and receive the `idToken` for 
that user in response after authentication. The URL should be able to be a 
web page, for traditional website workflows, or a webhook/service in the case 
that the application wants to attempt a silent authentication to grab a token.

Describe the specific use case this solution would address

Internally, we are set for callbacks through Auth0, but a third-party (even 
something like OSS) will need to verify users reliably and also have a token 
to include for authorized actions.

Similar solutions in the wild

This violates the basic security of Auth0, so it is not the widely used solution, 
but we are trying to eliminate individual application registration.

Additional context

The security implications mean we need to be extra careful what permanent 
changes we make based solely on an authenticated User token.
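
As an added example (not TPEN3 code, not from the issue author), a handler shape for the proposed `/login?returnTo={URL}` that vets `returnTo` before handing the `idToken` to it, since an unvalidated return URL lets any page that can send a user to `/login` collect that user's token. The origin allowlist, the `https:`-only rule and the fragment-vs-query token placement are assumptions not specified in the issue.

```javascript
// Added example, not TPEN3 code: vet returnTo before releasing an idToken.
// Assumptions: an allowlist of receiving origins and https-only returns;
// the issue does not specify either.

// Constructed allowlist of origins permitted to receive a token.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.org",   // a traditional web page consumer
  "https://hooks.example.org", // a webhook/service consumer
]);

// Returns the parsed URL if returnTo is acceptable, otherwise null.
function vetReturnTo(returnTo, allowed = ALLOWED_ORIGINS) {
  let url;
  try {
    url = new URL(returnTo);           // relative or malformed values throw
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;    // rejects http:, javascript:, data:
  if (url.username || url.password) return null; // no embedded credentials
  if (!allowed.has(url.origin)) return null;     // exact origin match, no suffix tricks
  return url;
}

// Builds the post-authentication redirect. For a web page the token goes in
// the URL fragment, which browsers do not send to servers, so it stays out of
// access logs and Referer headers; a webhook/service cannot read a fragment,
// so placement "query" puts it in the query string instead.
function buildRedirect(returnTo, idToken, { placement = "fragment", allowed = ALLOWED_ORIGINS } = {}) {
  const url = vetReturnTo(returnTo, allowed);
  if (!url) return { status: 400, location: null };
  if (placement === "query") {
    url.searchParams.set("idToken", idToken);
  } else {
    url.hash = `idToken=${encodeURIComponent(idToken)}`;
  }
  return { status: 302, location: url.toString() };
}
```

A rejected `returnTo` yields a 400 with no redirect, so a token is never attached to a URL the endpoint has not vetted.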
cubap commented 5 days ago

Maybe there is space here for a silent "checkForToken" call or a version of a response that just happens. Also, perhaps a "force" parameter makes sense to logout if the User is already authenticated.

cubap commented 5 days ago

We'll need to test if going to the tab and leaving works or if we need to open this in a tab that stays open with some message like "Leave this open to remain logged into TPEN" with a "Logout" button on it.