mozilla / standup

web app that logs daily standup updates
https://www.standu.ps
BSD 3-Clause "New" or "Revised" License

signin in local dev environment doesn't work #461

Closed willkg closed 6 years ago

willkg commented 6 years ago

When trying to sign in in the local dev environment, I get an error from the Mozilla SSO saying our callback is not allowed.

The problem is that the django app now runs as app:8000 and before it ran as localhost:8000. I think we just need to add that to the Mozilla SSO thing.

I did a request to update our client account thing.

pmac commented 6 years ago

But you're actually viewing the site at localhost:3000 locally now with the Browsersync proxy. So if we need to change anything I think it's just the port. The other option is that I can simply change the browsersync port to 8000 and have the Django server use something else (e.g. 3000).

willkg commented 6 years ago

So, what happens is that mozilla-django-oidc generates the callback URL using the host and port of the Django server. So right now it's thinking "app:8000". If we move it around, then it'll still be wrong.

I looked at whether we could tell mozilla-django-oidc to not do what it's doing and I don't think we can. Pretty sure the problem is here:

https://github.com/mozilla/mozilla-django-oidc/blob/6f84a68147b4a41b686c550c4d05533be993303c/mozilla_django_oidc/auth.py#L227

I think we need to do something different. Instead of having browsersync proxy, we have two separate web services, one serving assets and the other serving Django. So the Django app would be http://localhost:8000/ and the assets server would be http://localhost:3000/ and we set STATIC_URL to something like http://localhost:3000/.

Would that work?

willkg commented 6 years ago

Oh, wait--that won't work with browsersync stuff which inserts stuff into the page. Hrm....

pmac commented 6 years ago

Right. If we want to have the fancy "refreshes for you" and things then we need to keep the proxy. If we don't care about that then we can set the STATIC_URL to be e.g. localhost:3000 and have static assets served from there locally. I do see the issue with the OIDC lib generating the callback URI. I wonder if we could have browsersync send a custom HOST header to fool it into sending the right thing. I'll keep looking.

The easy answer might be that we just don't care about the browser-sync fancy refresh stuff and we just use Django directly again.
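
The mismatch discussed in this thread, as an added example that is not part of the original comments and is not code from mozilla-django-oidc or standup: a callback URL built from the Host the app server sees, checked against the provider's registered redirect URIs by exact string match. The callback path, the registered URI and all function names are assumptions made up for the illustration.

```python
# Added illustration; not code from mozilla-django-oidc or standup.
from urllib.parse import urlunsplit

# Assumed values, constructed for this example.
CALLBACK_PATH = "/oidc/callback/"
REGISTERED_REDIRECT_URIS = frozenset({"http://localhost:8000/oidc/callback/"})


def build_redirect_uri(host_header, scheme="http", path=CALLBACK_PATH):
    """Build the absolute callback URL from the Host header the app received."""
    return urlunsplit((scheme, host_header, path, "", ""))


def provider_accepts(redirect_uri, registered=REGISTERED_REDIRECT_URIS):
    """OIDC providers compare redirect_uri to registered values by exact match."""
    return redirect_uri in registered


def host_seen_by_app(browser_host, upstream=None, preserve_host=False):
    """Host header reaching the app: direct, or through a dev proxy."""
    if upstream is None or preserve_host:
        return browser_host
    return upstream  # proxy rewrote Host to the upstream service name


def scenario(browser_host, upstream=None, preserve_host=False,
             registered=REGISTERED_REDIRECT_URIS):
    """Return (redirect_uri, accepted_by_provider) for one dev setup."""
    host = host_seen_by_app(browser_host, upstream, preserve_host)
    uri = build_redirect_uri(host)
    return uri, provider_accepts(uri, registered)


if __name__ == "__main__":
    setups = {
        "django served directly": scenario("localhost:8000"),
        "proxy, Host rewritten": scenario("localhost:3000", "app:8000"),
        "proxy, Host preserved": scenario("localhost:3000", "app:8000", True),
        "proxy, Host preserved, URI registered": scenario(
            "localhost:3000", "app:8000", True,
            REGISTERED_REDIRECT_URIS | {"http://localhost:3000/oidc/callback/"}),
    }
    for name, (uri, ok) in setups.items():
        print(f"{name:40} {uri:40} {'accepted' if ok else 'rejected'}")
```

Only the setups where the generated URL is byte-for-byte one of the registered values pass, so moving ports around without updating the registration still fails.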