search

lewazo / boreale

:evergreen_tree: A very lightweight authentication service for Traefik
MIT License
49 stars 4 forks source link

Logout mechanism? #21

Open sorcerer-merlin opened 3 years ago

sorcerer-merlin commented 3 years ago

So I was thinking it might be nice to have a wait to log out (which I suppose would effectively just delete the cookie, yes?) from your app. Either after a configurable time out (can you do that with a cookie?) and or through an api call via a link that I can put on my Homer Dashboard or something... I could probably figure this out on my own and fork the repo after a bit of work, but maybe other people might like a similar feature? Anyway, just a thought. Your app is working great!

Thanks!

lewazo commented 3 years ago

Hey,

So yeah technically for logging out you would simply need to delete or expire the cookie. You could indeed have a configurable time out, as you say. That would be possible by setting the Max-Age property on the cookie, so it should be pretty easy to implement.

We could also have a /logout route that would delete the cookie, but it would be weird UX-wise, because we wouldn't be able to access this route through the Boréale login screen, since once logged in, the login screen just forwards to the requested app. But if one was to add a link to a homepage like you propose then that would make sense, I guess.

but maybe other people might like a similar feature?

Yes I think that is a good feature to have. I didn't initially put it because I didn't personally see any value in it, but my use cases does not represent the use cases of every users. I think it would make sense to have this.

The beauty of open source is that if you fork the projet and implement the feature, you could very easily submit a pull request so other people could benefit from it too!

I didn't touch this project for a while, but there is a list of improvements I want to do, so it is definitely not abandoned. If you decide to try and implement it yourself, I'd be grateful to merge any PRs you make, or help guide you. Either way, if you decide to not implement it, I will add it to my list of improvements and get to it eventually, once my work calms down a bit and I'll have a little more free time.

sorcerer-merlin commented 3 years ago

Unfortunately, I have no experience with writing anything in Elixir. I have experience with PHP, MySQL (i.e. LAMP stack), some C++/C# and VB .NET and I dabbled in Python and BASH scripts. I am also a little fuzzy on how cookies work and what properties they have, etc. I could read up on them I suppose, but for now at least, it's outside my scope. I know what you mean about being busy. I have a full time job, wife, kids and about 20 hobbies that I try to rotate between on a whim. Anyway, I appreciate the responses. Again, your app works great for my purposes, so thanks for developing it and for keeping it open source.

Sent with Shift https://tryshift.com/?utm_source=SentWithShift&utm_campaign=Sent+with+Shift+Signature&utm_medium=Email+Signature&utm_content=General+Email+Group

On Tue, Nov 9, 2021 at 8:32 PM Anthony Jean @.***> wrote:

Hey,

So yeah technically for logging out you would simply need to delete or expire the cookie. You could indeed have a configurable time out, as you say. That would be possible by setting the Max-Age property on the cookie, so it should be pretty easy to implement.

We could also have a /logout route that would delete the cookie, but it would be weird UX-wise, because we wouldn't be able to access this route through the Boréale login screen, since once logged in, the login screen just forwards to the requested app. But if one was to add a link to a homepage like you propose then that would make sense, I guess.

but maybe other people might like a similar feature?

Yes I think that is a good feature to have. I didn't initially put it because I didn't personally see any value in it, but my use cases does not represent the use cases of every users. I think it would make sense to have this.

The beauty of open source is that if you fork the projet and implement the feature, you could very easily submit a pull request so other people could benefit from it too!

I didn't touch this project for a while, but there is a list of improvements I want to do, so it is definitely not abandoned. If you decide to try and implement it yourself, I'd be grateful to merge any PRs you make, or help guide you. Either way, if you decide to not implement it, I will add it to my list of improvements and get to it eventually, once my work calms down a bit and I'll have a little more free time.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/lewazo/boreale/issues/21#issuecomment-964699020, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACO7N5JOFB43OBOBIMART3DULHDTJANCNFSM5HWQNHPQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.