Open sahilbhatia opened 4 years ago
Just wanted to provide you an update here, Sahil, pertaining specifically to:

> Logic to exchange OTP + encrypted cookies for JWT token
Right now in the `go-backend` this is almost complete (I anticipate I'll have this finished in the next day or two). The way this works is, you'd have a URL you send the user to in the front-end of the app, then using Google's dashboard you tell them where to redirect after a successful login. When they do, they'll provide a URL-encoded variable called "code" (`/gauth-success?code=abc123xyz`).
Right now my golang authentication function is set up to need that same `code` variable (by that name) and value, since using that code is how we get information from Google about the user (like their email address). Once we fetch that info from Google under the hood, the `go-backend` will respond with a JSON Web Token (returning that token is what I'm working on right now).
Now, we can change the URL your front-end will ask for the token from (while providing `code`), and we can change the variable name of `code` to whatever you want to use. Just let me know how you want that done.
Hope this helps bring some clarity to things. Let me know if you need me to do anything different, or have any questions.
Update: What I mentioned before is complete. @the-spectator is still working on logout and middleware to check the token on each request, but the issuance of JWTs (and denial if no org or org not in our DB) is finished.
Here's a screenshot of what it looks like when a user is successfully authenticated now (this is the JSON response body you'll get with success):
And here's a screenshot of what happens when a user with no domain associated with them tries to log in (I used my "bogus google" account for testing this, just a personal account with no organization associated with it):
To demo this yourself:

1. Check out the `session-mgmt-25` branch.
2. Reset the database:

   ```
   $ psql -d postgres -U youruser
   > DROP DATABASE peerly;
   > CREATE DATABASE peerly;
   > \q
   ```

3. `make migrate` to get all the necessary tables in place and some data in those tables.
4. `make server`
5. `Authorization` header too.

Let me know if you need any tweaks to this or if you have any questions.
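To make the issuance-and-denial rule above concrete, here is an added, self-contained Go sketch (not the go-backend's own code): it stands in for the `/gauth-success?code=...` step with a constructed code-to-email map in place of Google and a constructed org table in place of the DB, mints an HS256 JWT by hand with only the standard library, and refuses any account whose email domain is not a known org. Names (`fakeGoogleUsers`, `knownOrgs`, `exchangeCode`, `issueJWT`) and the claim set are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// Constructed stand-ins (no network, no DB): Google's reported e-mail per "code", and the orgs in our DB.
var fakeGoogleUsers = map[string]string{"abc123xyz": "sahil@example.org", "personal42": "someone@gmail.com"}
var knownOrgs = map[string]bool{"example.org": true}
var ErrNoOrg = errors.New("no org, or org not in DB")

// orgFromEmail returns the lower-cased domain of an address, or "" if it has none.
func orgFromEmail(email string) string {
	if i := strings.LastIndex(email, "@"); i > 0 && i < len(email)-1 {
		return strings.ToLower(email[i+1:])
	}
	return ""
}

// issueJWT mints an HS256 token by hand: base64url(header).base64url(claims).base64url(mac).
func issueJWT(email, org string, secret []byte, now time.Time) string {
	enc := base64.RawURLEncoding.EncodeToString
	header, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	claims, _ := json.Marshal(map[string]interface{}{
		"sub": email, "org": org, "iat": now.Unix(), "exp": now.Add(time.Hour).Unix()})
	input := enc(header) + "." + enc(claims)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(input))
	return input + "." + enc(mac.Sum(nil))
}

// exchangeCode is the work behind /gauth-success?code=...: resolve the user from the code,
// refuse accounts whose domain is not a known org, otherwise answer with a JWT.
func exchangeCode(code string, secret []byte, now time.Time) (string, error) {
	email, ok := fakeGoogleUsers[code]
	if !ok {
		return "", errors.New("invalid or expired code")
	}
	org := orgFromEmail(email)
	if org == "" || !knownOrgs[org] {
		return "", ErrNoOrg
	}
	return issueJWT(email, org, secret, now), nil
}
```

The per-request middleware check is the mirror image: recompute the MAC over the first two segments and compare with `hmac.Equal`, then check `exp`.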