Sage-Bionetworks / projectLive_NF

Live view of projects of funding partners

Revert "Update synapse auth" #131

Closed jaybee84 closed 3 years ago

jaybee84 commented 3 years ago

Reverts Sage-Bionetworks/projectLive#130

jaybee84 commented 3 years ago

@andrewelamb I pulled in your PR changes into dev to test it through testprojectlive, but it seems that it did not resolve the issue. The test button on the staging page has the new changes pulled in and is still broken.

Bruce sent out an email yesterday that he was going to help in making the app transition. Would you mind following up with Bruce regarding this issue?

andrewelamb commented 3 years ago

I was worried about that. I'll follow up with Bruce this week.

allaway commented 3 years ago

Hi both,

I don't think this would work yet, because as far as I can tell, the proposed authentication changes were not pushed to staging. The sessionToken still works, which, I think, means that the Synapse cookie is not passing the authToken yet. So I wouldn't expect this patch to work (yet). I left a note in the #synapse Slack channel to confirm, though...

allaway commented 3 years ago

FYI: the stack release was delayed:

17:11 robert Hi all, the sessionToken authentication approach still seems to work on Shiny apps. Is this because the changes were delayed? (/were they?)

17:22 bruce @robert We delayed releasing the latest version of Synapse. Moreover we realized that we could apply a ‘patch’ to the Synapse web services to make them accept an auth token sent by Shiny apps as a session token. This means we can release the latest version of Synapse without breaking any Shiny apps which haven’t been updated. We will release tonight or tomorrow night.

In addition, as noted above and below, it sounds like no change will be needed now, even after the new stack release:

17:33 bruce @robert it means that if you call synLogin(sessionToken=) instead of synLogin(authToken=), it will work exactly the same on stack-358 and beyond.

So instead of making any change now, it sounds like we can simply focus our efforts on making projectLive OAuth compatible, which is the preferred long-term direction for Shiny apps according to comments made by bruce in #r:

... longer term (again, as @Sujay Patil said) the preferred way to authenticate is via OAuth: The mechanism of passing a token from Synapse via a cookie was developed when we had no other mechanism. It only works when you use your Shiny app within Synapse. Authenticating using OAuth will allow your Shiny app to run without needing to be embedded in Synapse and has other benefits (including being an industry-standard mechanism). There is an example of how to authenticate a Shiny app here (credit goes to @thomas.yu) and the instructions for setting up the requisite OAuth client are here. Any additional questions, please ask!