minderlabs / demo

Minder Demo App

Move from Firebase to Passport Auth. #80

Closed richburdon closed 7 years ago

richburdon commented 7 years ago

Large CR to move away from FB auth. Create new minder-services sub. Uses passport for OAuth providers. See oauth.png

adamberenzweig commented 7 years ago

Is this ready for review?

richburdon commented 7 years ago

Ready for review:

Probably best to focus on the server-side files and auth.js, client.js, background.js on the client.

Authentication Overhaul.
- Documentation: sub/services/src/auth/oauth.png

OAuth:
- New module: sub/services.
- OAuthProvider base class with GoogleOAuthProvider.
- TBD: Implement ServiceProvider abstraction (e.g., GoogleDriveQueryProcessor); currently GoogleOAuthProvider requests GDrive scope.
- Replaced FB Auth with Passport (using Google Strategy for login).
- UserManager delegates to OAuthProvider for login (i.e., GoogleOAuthProvider). Able to add multiple providers (facebook, etc.)
- Passport middleware to check authentication (from cookie) for web pages. Removed custom cookie.
- Uses id_token from header for POST requests
- OAuthProvider verifies token.
- TBD: Refreshing JWT id token.
- OAuthProvider retrieves normalized UserProfile on user registration (each login); Resolver now maps displayName to title.
- User set as active on first login if part of Group's whitelist.

Framework:
- Consistent server Error Handling (HttpError and server error handling middleware); error page for 500. Async promise/exception handling.
- Re-entrant parsing and upsert of initial data sets (e.g., account provisioning).

CRX:
- New Web Auth Flow.
- Consistent user/client registration (massive simplifying and stability clean-up). Cleaned-up AppAction reducer.
- Sidebar/Background registration clean-up (returns UserProfile -- no leakage of credentials, clientId, groupId, etc.)
- All state now in config (parity with Web client).

Web:
- Many UX/Apollo fixes.
- Removed dependence on groupId (part of config/registration state clean-up above; also enables multi-group support).
- TBD: Strange rendering issues (e.g., TaskCanvasComponent seems to render with partial results -- i.e., before "project" field has loaded; suspect Apollo serving initially from cache?)
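
Added example, not code from this PR or the minderlabs/demo repository: a sketch of the server-side check behind the "Uses id_token from header for POST requests" and "OAuthProvider verifies token" items above. The `Authorization: Bearer` header, the function names, and the locally generated key pair (standing in for the provider's published signing key) are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed key pair standing in for the OAuth provider's published signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64url = (s) => Buffer.from(s).toString('base64url');

// Helper for this example only: mint a token the way a provider would.
function mintIdToken(claims, key = privateKey, alg = 'RS256') {
  const signed = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  const sig = alg === 'none' ? '' : crypto.sign('sha256', Buffer.from(signed), key).toString('base64url');
  return `${signed}.${sig}`;
}

// Verify the id_token carried in a request header (Authorization: Bearer is an assumption).
function verifyIdToken(headerValue, { key, issuer, audience, now = Date.now() / 1000 }) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]*)$/.exec(headerValue || '');
  if (!m) return { ok: false, reason: 'malformed' };
  const [, head, body, sig] = m;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch (err) {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm: never let the token choose how it is verified.
  if (header?.alg !== 'RS256') return { ok: false, reason: 'alg' };
  const valid = crypto.verify('sha256', Buffer.from(`${head}.${body}`), key, Buffer.from(sig, 'base64url'));
  if (!valid) return { ok: false, reason: 'signature' };
  // A good signature is not enough: the token must come from this issuer,
  // be minted for this app (aud), and still be within its lifetime.
  if (!claims || claims.iss !== issuer) return { ok: false, reason: 'iss' };
  if (claims.aud !== audience) return { ok: false, reason: 'aud' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, userId: claims.sub };
}
```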