adrien2p / medusa-plugins

A collection of awesome plugins for medusa :rocket:
https://medusa-plugins.vercel.app
MIT License

Keycloak Auth Method #118

Closed stephane-segning closed 9 months ago

stephane-segning commented 12 months ago

Hello, nice plugin guys. I want to use it for my next project. But I cannot, because a client wants to integrate with his Keycloak SSO. Hence I'm re-opening this again, as I see the previous one (#65) was closed. I can work on that and can implement that feature. I just need to understand why the previous one wasn't approved.

edardev commented 12 months ago

I am also looking to implement ORY. ORY is a set of open-source projects that focus on building cloud-native authentication (ORY Hydra), authorization (ORY Keto), and user management (ORY Kratos) solutions.

adrien2p commented 12 months ago

Hey guys, you can open a pr if you want to add a new provider. You can see how we did it for the other strategies 😊

Also, this person would be interested in a steam auth https://github.com/adrien2p/medusa-plugins/issues/117

stephane-segning commented 12 months ago

Yes @adrien2p sure, I'm free to start now. I can do a first example for Keycloak, then @edardev can continue with Ory (it's been a long time since I did Ory 🙈). For Steam, I'll need to read first how it works, but I already saw a passport-steam.

stephane-segning commented 12 months ago

Shall we go for a more general openid client using passport-oauth2? That way more people could add their own clients.

stephane-segning commented 12 months ago

Ok, I went with passport-oauth2. This way we can integrate with more clients. You can see a PR #119

piereligio commented 12 months ago

> Ok, I went with passport-oauth2. This way we can integrate with more clients. You can see a PR #119

This seems like a great idea, thanks. I did also notice there is passport-steam (for my case of course), in case it requires something special (but it probably does not)

Thanks @adrien2p for mentioning!

stephane-segning commented 11 months ago

Yeah @piereligio. Now I'll wait for @adrien2p to merge before I start looking at the steam addon. Or I can already do that 🙈

piereligio commented 11 months ago

> Yeah @piereligio. Now I'll wait for @adrien2p to merge before I start looking at the steam addon. Or I can already do that 🙈

I think I would do that pretty easily myself, but honestly I didn't even figure out how to set it up. I tried Facebook for instance, no success logging in a new user. Maybe I'm using the wrong route, I've only followed the guide of the plugin

EDIT: Google working fine now

adrien2p commented 11 months ago

Hey guys, super for the PR 💪 Next week I'll have more free time and I'll be able to look at it, beginning of the week probably. I am still following the thread, don't worry 😄

Recap is almost there and I had a lot of work to do this week. Hope you understand guys 🤞

piereligio commented 11 months ago

> Shall we go for a more general openid client using passport-oauth2? That way more people could add their own clients.

I'm taking a closer look now, and it looks like Steam uses OpenID only, now, not OAuth, for some reason. passport-steam is using OpenID, so it should be fine to integrate that one.

(I need in particular to use steam login for collecting the steam ID in a reliable way, I don't know if it's possible to integrate this in the plugin)

stephane-segning commented 11 months ago

@piereligio I think it's possible. But we can simply integrate openid to match with all other openid clients. How about it?

piereligio commented 11 months ago

> @piereligio I think it's possible. But we can simply integrate openid to match with all other openid clients. How about it?

As long as it will work, I'd be very grateful regardless of what package is used. I was trying with the steam one but I guess it's the same thing. Maybe the generic OpenID one will require some additional parameter to get set up? That wouldn't be a problem if it's clear how to use it.

Thanks in advance!

[ however I spent today trying to make it work using passport-steam but looks like I cannot make it even start. I'm getting the error: Error: Unknown authentication strategy "steam.x" (there x is the rest of the name I have, which I don't remember). I'm probably doing something wrong: basically I copied over everything about the strategy of Facebook login and simply replaced occurrences of 'facebook' to steam (keeping capitals as they were). The strategy has a new name where Facebook is replaced with steam. Of course it was just a first test. I suspect I did something wrong with the installation from filesystem (I basically downloaded and renamed the package, installing it with npm link) of the plugin itself at this point. The other ways of logging in were working correctly today. ]

adrien2p commented 11 months ago

@piereligio if you are trying locally, either use --preserve-symlink or rm the duplicate passport package in the node modules (depending on your package manager). Only one instance of passport must exist, otherwise the strategies are not located in the right one. If the issue does not come from that, it would mean that an error occurred while loading the plugin and therefore nothing gets registered

piereligio commented 11 months ago

> @piereligio if you are trying locally, either use --preserve-symlink or rm the duplicate passport package in the node modules (depending on your package manager). Only one instance of passport must exist, otherwise the strategies are not located in the right one. If the issue does not come from that, it would mean that an error occurred while loading the plugin and therefore nothing gets registered

Where should I use --preserve-symlink? I've tried running yarn start:custom, which has --preserve-symlink. If I run medusa in this way, every authentication route provided by the plugin will return the json with the value exists = false. Otherwise, with medusa develop, google authentication will work (the setup in medusa config uses the plugin which I named medusa-plugin-auth-piereligio), just the steam one will give the error I mentioned earlier (which you can see in full detail below). Also, the strategy name is correctly taken from the code that I wrote (does the name have to match some specific name that already exists? I made it up).

Error: Unknown authentication strategy "steam.store.medusa-auth-plugin"
    at attempt (.........\medusa-plugins-custom\node_modules\passport\lib\middleware\authenticate.js:193:39)
    at authenticate (.........\medusa-plugins-custom\node_modules\passport\lib\middleware\authenticate.js:370:7)
    at Layer.handle [as handle_request] (.........\medusa-plugins-custom\node_modules\express\lib\router\layer.js:95:5)
    at next (.........\medusa-plugins-custom\node_modules\express\lib\router\route.js:144:13)
    at .........\medusa-plugins-custom\packages\medusa-plugin-auth-piereligio\core\passport\utils\auth-routes-builder.js:39:9
    at Layer.handle [as handle_request] (.........\medusa-plugins-custom\node_modules\express\lib\router\layer.js:95:5)
    at next (.........\medusa-plugins-custom\node_modules\express\lib\router\route.js:144:13)
    at Route.dispatch (.........\medusa-plugins-custom\node_modules\express\lib\router\route.js:114:3)
    at Layer.handle [as handle_request] (.........\medusa-plugins-custom\node_modules\express\lib\router\layer.js:95:5)
    at .........\medusa-plugins-custom\node_modules\express\lib\router\index.js:284:15

Like I said earlier, probably I'm doing something wrong, but I really don't understand where. I tried rebuilding both medusa-plugins-custom and medusa-plugin-auth-piereligio. Maybe there is some way I should register new strategies?
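The stack trace above shows passport being loaded from the linked plugin repository's own node_modules, which is the duplicate-instance situation adrien2p describes. The following check is an added example, not part of the thread or of medusa-plugin-auth: it resolves `passport` the way Node does from the backend and from the linked plugin, and reports whether both get the same file. The directory layout is constructed, and the `preserveSymlinks` parameter only models the effect of Node's `--preserve-symlinks` flag on where resolution starts.

```javascript
// Added diagnostic, not plugin code. Paths and package names are constructed.
const fs = require("fs");
const os = require("os");
const path = require("path");

// Resolve `pkg` as Node would for code located in `fromDir`. By default Node
// replaces a linked directory with its real path before walking up the
// node_modules hierarchy; `preserveSymlinks` models --preserve-symlinks by
// starting the walk from the link location instead.
function resolveFrom(fromDir, pkg, preserveSymlinks = false) {
  const start = preserveSymlinks ? fromDir : fs.realpathSync(fromDir);
  try {
    return fs.realpathSync(require.resolve(pkg, { paths: [start] }));
  } catch (err) {
    if (err.code === "MODULE_NOT_FOUND") return null;
    throw err;
  }
}

// Strategies registered by the plugin are visible to the backend only when
// both sides resolve the same passport file.
function checkSingleInstance(backendDir, pluginName, preserveSymlinks = false) {
  const pluginDir = path.join(backendDir, "node_modules", pluginName);
  const backend = resolveFrom(backendDir, "passport");
  const plugin = resolveFrom(pluginDir, "passport", preserveSymlinks);
  return { backend, plugin, shared: backend !== null && backend === plugin };
}

// Constructed layout: a backend, plus a plugin monorepo linked into it.
function buildLinkedLayout() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "passport-dup-"));
  const mkPkg = (dir, name) => {
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, "package.json"), JSON.stringify({ name, main: "index.js" }));
    fs.writeFileSync(path.join(dir, "index.js"), "module.exports = {};\n");
  };
  const backend = path.join(root, "backend");
  const plugin = path.join(root, "plugins-repo", "packages", "medusa-plugin-auth");
  mkPkg(path.join(backend, "node_modules", "passport"), "passport");
  mkPkg(path.join(root, "plugins-repo", "node_modules", "passport"), "passport");
  mkPkg(plugin, "medusa-plugin-auth");
  fs.symlinkSync(plugin, path.join(backend, "node_modules", "medusa-plugin-auth"), "junction");
  return backend;
}

const demoBackend = buildLinkedLayout();
console.log("default:", checkSingleInstance(demoBackend, "medusa-plugin-auth").shared);
console.log("preserved:", checkSingleInstance(demoBackend, "medusa-plugin-auth", true).shared);
```

Pointing `checkSingleInstance` at a real backend directory and plugin name shows which passport copy each side loads before starting the server.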

stephane-segning commented 11 months ago

The #119 was merged. So I'll start working on the next steps. I checked into the code of passport-steam and saw that it is using the Steam Web API behind the wood, specifically this https://developer.valvesoftware.com/wiki/Steam_Web_API#GetPlayerSummaries_.28v0002.29 API. Which is returning no email. @adrien2p is it possible to retrieve users without email?

Because, as for Steam it's illegal to expose email addresses.

piereligio commented 11 months ago

> The #119 was merged. So I'll start working on the next steps. I checked into the code of passport-steam and saw that it is using the Steam Web API behind the wood, specifically this https://developer.valvesoftware.com/wiki/Steam_Web_API#GetPlayerSummaries_.28v0002.29 API. Which is returning no email. @adrien2p is it possible to retrieve users without email?

I see it returns SteamID, which could be used as identifier in my case, but I guess Medusa might have trouble with that. Damn 🥲

stephane-segning commented 11 months ago

@piereligio I wrote some code for this integration. It won't work well unless we change the validateStoreCallback and validateAdminCallback methods a bit, to handle cases where there's no email

Edit: Here is the PR #120

stephane-segning commented 11 months ago

> I see it returns SteamID, which could be used as identifier in my case, but I guess Medusa might have trouble with that. Damn 🥲

You totally can still do it. See, there's this method called retrieveByApiToken, which is perfect for this case. After the login flow, you can just create users by api_token if they don't exist and retrieve them if they do. The api_token in this case can absolutely be the steamID

piereligio commented 11 months ago

> > I see it returns SteamID, which could be used as identifier in my case, but I guess Medusa might have trouble with that. Damn 🥲
>
> You totally can still do it. See, there's this method called retrieveByApiToken, which is perfect for this case. After the login flow, you can just create users by api_token if they don't exist and retrieve them if they do. The api_token in this case can absolutely be the steamID

Thank you so much, I'm going to try it ASAP. Any suggestions on how to check your code out? I was going to do the checkout itself with GitHub Desktop, then the usual npm link stuff on the medusa-plugin-auth package. Makes sense? I hope to make my contributions myself in future, I'm still learning 😁

stephane-segning commented 11 months ago

> Any suggestions on how to check your code out?

Sure!

  1. First thing, clone the repo https://github.com/stephane-segning/medusa-plugins
  2. Then checkout the branch on which I was working feature/add-steam-passport
  3. Then at the root, do a yarn to install all dependencies.

Then you'll have the code

piereligio commented 11 months ago

> > Any suggestions on how to check your code out?
>
> Sure!
>
>   1. First thing, clone the repo https://github.com/stephane-segning/medusa-plugins
>   2. Then checkout the branch on which I was working feature/add-steam-passport
>   3. Then at the root, do a yarn to install all dependencies.
>
> Then you'll have the code

At the risk of looking dumb, 3 final questions:

I hope not to be annoying at this point, the fact is that I tried to install without success. I tried by doing the following steps (starting from having the plugin not installed at all):

Thank you very much

adrien2p commented 11 months ago

When installing the plugin locally, you can link it and start your backend with the custom entry point that I believe also uses the node flag preserve symlink. Second option, in the plugin directory you can use the package manager pack command and then install from the tgz in your backend

piereligio commented 11 months ago

Hey there. I don't really understand why, but using 1.8.1 works, 1.8.2 doesn't. I'm not even talking of the locally installed version from @stephane-segning . The issue that emerges is that when I access the routes provided by the plugin, it will be returned { "exists" : false } . When I go back to 1.8.1 it is working fine. I would have opened a new issue but I suspect it might be only on my end, somehow. Any ideas?

EDIT1: maybe it's on my end, since it also happens on 1.8.1 if I install it as a package (I used the tgz installation method). But the issue is even there on another dummy medusa installation I just did. Since the linking way of installing did partially work, few days ago, now I'll try with that again.

Is there some way to log where the issue is? Can I send some configuration file to see if it makes sense or I've something wrong?

adrien2p commented 11 months ago

Just to eliminate one thing, could you go in your node modules and remove the node module of medusa auth plugin. Let me know if it persists. Personally I use the tgz and don't have any issues.

piereligio commented 11 months ago

> Just to eliminate one thing, could you go in your node modules and remove the node module of medusa auth plugin. Let me know if it persists. Personally I use the tgz and don't have any issues.

When I changed versions, I always did "yarn remove medusa-plugin-auth" and then installed again with yarn add. In this way the node modules plugin folder was always gone. If you meant that I should try to install tgz and then remove the node module, in this case it will fail launching medusa: it says that it didn't find medusa-plugin-auth. So installing the tgz again (using command yarn add file:packages/medusa-plugin-auth-v1.8.1.tgz ), it fails with the routes in the way I said earlier. It's super weird because 1.8.1 works fine if I use yarn add medusa-plugin-auth@1.8.1, but I encounter this issue on 1.8.2, and on any tgz I try to build and install (including 1.8.1 taken from the releases). Initially I even had this issue on 1.8.1 but it was gone when I fixed my setup on medusa-config.js .

EDIT1: I was able to make 1.8.1 work from filesystem using yarn link. Now I'll try to do the same for 1.8.2. If it doesn't work, I'll try to merge the steam login commit changes on 1.8.1 version and link that one.

EDIT2: the unmodified 1.8.2 is working now (installed with yarn link), the hell O.O Now I'll install with yarn link the modified 1.8.2 with steam login, fingers crossed

piereligio commented 11 months ago

1.8.2 with the steam login modification now works for google and facebook login, but not steam, sadly. But it still returns { "exists" : false } on the steam login route. Is it possible there is some more cache to clean? I've tried already to clean yarn cache and linking again, and cleaning the browser cache.

Or maybe it's because I cannot run yarn build successfully on the plugin? The build fails because of the email being missing in the Steam strategy. Now I'm editing it to return null for the admin login callback (I only need to provide Steam login on the frontstore), and I'll try to build and install again.

EDIT: yup, working now. It requires the necessary modifications to the core for allowing logging in using SteamID instead of email though. I might do that myself

adrien2p commented 10 months ago

what should we do for this one guys?

piereligio commented 10 months ago

> what should we do for this one guys?

Good question. I ended up making the Steam one work, but it has the email limitation, so I generate it based on the steam ID, and use a metadata 'email contact' field for making the user receive the communications when buying. (I prefer keeping the steam IDs, and in this way I'm sure that the steam login will always work)

It's pretty hacky, it can't go like this in any plugin ahah
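The workaround discussed in the last comments (no email from Steam, so the account is keyed on the SteamID and gets a generated address) can be sketched as follows. This is an added example, not code from the plugin or from PR #120; the function names, the `steam.invalid` domain, the metadata keys and the in-memory `Map` standing in for the customer table are all assumptions. Because a SteamID is public, the example keeps it as a lookup key and does not place it in any field that works as a credential.

```javascript
// Added example, not plugin code. All names and sample values are hypothetical.
// Steam's OpenID claimed identifier ends in the 64-bit SteamID (17 decimal digits).
const CLAIMED_ID = /^https:\/\/steamcommunity\.com\/openid\/id\/(\d{17})$/;

// Extract the SteamID, rejecting anything that is not exactly the expected URL.
function steamIdFromClaimedId(claimedId) {
  const m = CLAIMED_ID.exec(String(claimedId));
  if (!m) throw new Error("unexpected Steam claimed_id format");
  return m[1];
}

// Placeholder address on the reserved .invalid TLD (RFC 2606): it cannot
// collide with a real mailbox or ever receive mail.
function placeholderEmail(steamId) {
  return `steam-${steamId}@steam.invalid`;
}

// Find-or-create keyed on the SteamID, never on an email address.
// `store` is a Map standing in for the customer table.
function findOrCreateCustomer(store, claimedId, contactEmail) {
  const steamId = steamIdFromClaimedId(claimedId);
  let customer = store.get(steamId);
  if (!customer) {
    customer = { email: placeholderEmail(steamId), metadata: { steam_id: steamId } };
    store.set(steamId, customer);
  }
  // The contact address is unverified user input: it is stored for order
  // mail only and never becomes part of the login identity.
  if (contactEmail) customer.metadata.email_contact = contactEmail;
  return customer;
}

// Constructed sample run.
const sampleStore = new Map();
const sampleClaimedId = "https://steamcommunity.com/openid/id/76561198000000001";
console.log(findOrCreateCustomer(sampleStore, sampleClaimedId, "buyer@example.com"));
```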