bldrs-ai / Share

Share is a web-based BIM & CAD collaboration platform.
http://bldrs.ai

Authentication, Phase 1 (Github Integration) #376

Open oo-bldrs opened 2 years ago

oo-bldrs commented 2 years ago

Share was built with a few Github features in mind (loading models from repositories, browsing issues, creating new issues, and commenting on existing issues). These features are operational today on public repositories, but not on private repositories.

However, by integrating with Auth0 for authentication and authorization, we can let users log in with their Github account and securely grant access to Share in order to view and/or collaborate on models contained in their private repositories.

Scenario 1 (Log in with Github)

As a user of Share, I expect to successfully log in to Github without sharing my login credentials directly with the Share application. After my initial granting of access, I expect to see Share in the list of authorized OAuth applications (https://github.com/settings/applications) and I expect to see my profile full name in Share match the full name configured in my Github account.

Scenario 2 (Remain logged in across multiple tabs)

As a user who is currently logged in to Share with the Github account, I expect to remain logged in when I duplicate the browser tab multiple times.

Scenario 3 (Load an IFC model from a private repository)

As a user who has previously logged in with Github and authorized Share to access my repositories, I expect to successfully load an IFC model (that is less than 100MB) from a private repository that is inaccessible to anonymous users of Github.

Scenario 4 (Create a new issue on an IFC model)

As a user who has authorized Share to access my repositories, I expect to create a new note in Share, see that newly created issue in the list of issues for that repository, and vice versa: see the newly created note in Share.

Scenario 5 (Repository has issue functionality disabled)

As a user of Share, when the Github repository that I am loading an IFC model from has issues disabled, I expect the note functionality in Share to be unavailable along with a brief, explanatory message describing the situation.

Scenario 6 (Application access revoked)

As a user of Share who has revoked access for the application from the Github list of authorized OAuth apps (https://github.com/settings/applications), when I attempt to load an IFC model from a private repository I expect Share to raise an error reflecting that it does not have access to the URL in question.

Scenario 7 (Successful log out)

As a user of Share who is currently authenticated via Github, I expect the logout functionality to successfully destroy my session and Share to no longer reflect that I am actively logged in.
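One way the client could tell Scenarios 3, 5 and 6 apart from a single GitHub REST call is sketched below, as an added example that is not code from the Share repository. The function names, state strings and stub are hypothetical, and it assumes the app already holds the user's GitHub OAuth access token.

```javascript
// Added example: function names and state strings are hypothetical.
const GITHUB_API = 'https://api.github.com';

// Map the response of GET /repos/{owner}/{repo} to what the UI should do.
function classifyRepoAccess(status, body, hadToken) {
  const denied = { canLoadModel: false, notesEnabled: false, discardToken: false };
  if (status === 401) {
    // GitHub rejected the token itself, as it does once the user has revoked
    // the OAuth app (Scenario 6). Stop sending the token and ask for a new login.
    return { ...denied, state: 'token-rejected', discardToken: true };
  }
  if (status === 404) {
    // A private repository answers 404 to callers without access, so it is
    // indistinguishable from a missing one; report "no access", not "not found".
    return { ...denied, state: hadToken ? 'no-access' : 'login-required' };
  }
  if (status === 200 && body) {
    // has_issues === false means notes must be disabled with a message (Scenario 5).
    return { state: 'ok', canLoadModel: true, notesEnabled: body.has_issues === true, discardToken: false };
  }
  // Anything else (rate limiting, server errors): fail closed.
  return { ...denied, state: 'error' };
}

// fetchFn is injected so the check can be exercised offline with a stub.
async function checkRepoAccess(fetchFn, owner, repo, token) {
  const headers = { Accept: 'application/vnd.github+json' };
  if (token) headers.Authorization = `Bearer ${token}`;
  const url = `${GITHUB_API}/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}`;
  const res = await fetchFn(url, { headers });
  const body = res.status === 200 ? await res.json() : null;
  return classifyRepoAccess(res.status, body, Boolean(token));
}

// Constructed stub standing in for api.github.com: only "good-token" is valid,
// and the private repository it guards has issues disabled.
function stubFetch(url, { headers }) {
  const auth = headers.Authorization;
  if (auth && auth !== 'Bearer good-token') return Promise.resolve({ status: 401, json: async () => ({}) });
  if (!auth) return Promise.resolve({ status: 404, json: async () => ({}) });
  return Promise.resolve({ status: 200, json: async () => ({ private: true, has_issues: false }) });
}

checkRepoAccess(stubFetch, 'example-org', 'example-repo', 'revoked-token')
  .then((r) => console.log(r.state)); // token-rejected
```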

oo-bldrs commented 2 years ago

Sub-tasks