Closed ctm closed 5 months ago
D'oh. It's not the code that's missing, but the access token, which can only be used once. The problem is deeper than the description I wrote up, because either we have to restart the whole authentication process from scratch, or put something in the server that basically says a given session is allowed to do a force login because it's already been authenticated. I lean toward the latter because asking OAuth twice just seems icky. After all, we do know that authentication has succeeded, so it's only a matter of recording that info for future reuse.
Turns out, mb2 already has the functionality I was considering writing, but it does it based on the GitHub code rather than a LobbySessionId and currently it's only used when creating a new Nick after doing the GitHub authorization. So, all I need to do is hoist that code a little higher and then access it when we have a GitHub code and force is true.
Done, although I wasn't able to hoist the code due to the way the credentials are kept alive during the login process. As such, I copied and pasted it. It's not a lot of code, but that still bugs me.
Deploying now.
Fix so it's possible to do a forced login when logging in with GitHub.
I don't think this ever worked. I just tried a pre-connection-state-refactor version and it didn't work there. The error that is presented is "could not find access token" and I think that's because we've always thrown the access token away as soon as we've used it. Of course force login works by trying again with the same credentials, but with "force" set to true, so if we throw away the credentials, it fails.
Logging in via GitHub has been a proof-of-concept "feature" that nobody uses, so it inadvertently was a second-class citizen and wasn't something I paid attention to on a regular basis. However, I'm seriously considering adding Facebook OAuth, so it would be nice to get everything working with GitHub before I do so.
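The approach described in this issue, as an added Python example that is not mb2's own code: the server records that a GitHub code has already been authenticated so a forced retry with the same code can reuse that result once, within a short window. `FakeProvider`, `LoginServer`, the 60-second TTL and the return strings are assumptions made for illustration.

```python
import time

class CodeExchangeError(Exception):
    pass

class FakeProvider:
    """Constructed stand-in for the OAuth provider: each code redeems once."""
    def __init__(self, codes):
        self._codes = dict(codes)  # code -> user id (constructed sample data)

    def exchange(self, code):
        try:
            return self._codes.pop(code)
        except KeyError:
            raise CodeExchangeError("could not find access token")

class LoginServer:
    TTL = 60  # assumed: seconds a verified code stays usable for a forced retry

    def __init__(self, provider, clock=time.monotonic):
        self.provider = provider
        self.clock = clock
        self.verified = {}   # code -> (user, expiry), filled only on a refused login
        self.online = set()

    def _identify(self, code, force):
        entry = self.verified.pop(code, None)  # pop: the record is single-use
        if entry is not None:
            user, expiry = entry
            if force and self.clock() <= expiry:
                return user
            raise CodeExchangeError("could not find access token")
        return self.provider.exchange(code)

    def login(self, code, force=False):
        user = self._identify(code, force)
        if user in self.online and not force:
            # Authentication succeeded; keep that fact for one forced retry.
            self.verified[code] = (user, self.clock() + self.TTL)
            return "already-logged-in"
        self.online.add(user)
        return "ok"
```

Keeping the record single-use and short-lived means a leaked or replayed code cannot be used to force a login later.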