Log in with wallet + enable graphql

[vrde]

Publishing this as a draft and at one point it should solve #9.

We should allow users to log in with both their wallet and their odoo credentials. Some of us use an hardware wallet, and you don't always want to use it to log in (especially when you are using the app from your phone to just do time tracking).

The approach I propose here is:

• The browser GETs /api/walletLogin
• NextJS GETs https://odoo.neokingdom.org/auth_jwt_w3 and returns the JWT token to the browser
• The browser asks the user's wallet to sign the login statement
• The user signs it
• The browser POSTs the signature to /api/walletLogin
• NextJS:
  • GETs https://odoo.neokingdom.org/web/login
  • gets the CSRF token and the cookie
  • prepares the credentials:
  • login is set to the user's wallet address
  • password is set to btoa(JSON.stringify({ signing_token: signingToken, signature: sig })) as per spec
  • POSTs the credentials, cookie, and CSRF to https://odoo.neokingdom.org/web/login
  • stores the resulting authentication cookie in the user's cookie session

From now on NextJS can proxy all calls from /api/graphql to https://odoo.neokingdom.org/graphql by using the user's cookie.

NB: the code is not production ready. It's to show the authentication flow but must be refactored.

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated
dapp-neokingdom	✅ Ready (Inspect)	Visit Preview	💬 Add your feedback	Feb 17, 2023 at 11:20AM (UTC)
dapp-teledisko	✅ Ready (Inspect)	Visit Preview	💬 Add your feedback	Feb 17, 2023 at 11:20AM (UTC)