authgear / authgear-sdk-js

Authgear authentication SDK for Single Page Applications (SPA) and JavaScript websites
https://www.authgear.com/

Implement app-initiated-sso-to-web #306

Closed tung2744 closed 4 months ago

tung2744 commented 4 months ago

ref DEV-1407

How to test

  1. You should have two clients, for example client1id and client2id. Set x_app_initiated_sso_to_web_enabled to true for both clients.
  2. In the example app, fill client1id as the "Client ID". Fill client2id as the "App Initiated SSO To Web Client ID". Check "Is App Initiated SSO To Web Enabled". Press configure.
  3. Press Authenticate and complete the login.
  4. Now, press "App Initiated SSO To Web". You should see a browser opened and closed immediately. Then a continue screen appears.
  5. Press continue, successfully logged in.
tung2744 commented 4 months ago
  1. When transient token storage is used, I guess we should still persist the id Token and device secret in the persistence storage. Is this true?

It is not true in this PR. And I prefer not to modify it. I don't think there is any reason we need to persist device_secret and id_token now as native SSO is not implemented yet.

  1. From your testing description, the testing steps may be too hard for other team members to follow. What about we introduce a new section for app-initiated SSO to web? The goal is that we do not need to change the client ID input field or change token storage to transient. Instead, we ask the user to input a client ID (which can be optional, default to the current one), and a redirect URI (optional, default to the current one). We also should not ask the user to turn on browser SSO. We should create a new container with a random different name each time, with transient token storage, with browser SSO turned on. What do you think?

I think I can create a new issue to make the example app easier to use.

louischan-oursky commented 4 months ago
  1. Introduce SharedStorage, we will use this to store device_secret and id_token. The current implementation is persistent within the app itself only.
  2. Add the two optional fields. The two fields must be both empty, or both filled in. If both client ID and redirect URI are empty, then use WKWebViewImplementation to open, otherwise use external browser to open.
tung2744 commented 4 months ago

Renamed SharedStorage to InterAppSharedStorage. Also fixed a bug where state is not passed to the server.