mrbdahlem / commit

LTI integration for GitHub
0 stars 0 forks source link

add oauth path accessible to lti logins for getting/updating oauth tokens #5

Open mrbdahlem opened 5 years ago

mrbdahlem commented 5 years ago

when logging in via lti, check if user (instructor or student) has an oauth token saved. if so, verify it with github. if either fail, open an iframe to allow user to update the token.

mrbdahlem commented 5 years ago

once update is complete, then allow the user to continue on... save original lti target in session

mrbdahlem commented 5 years ago

need to add new controller and new security config for this auth path?

mrbdahlem commented 5 years ago

iframe pop up in bootstrap modal:

$('#myModal').modal({backdrop: 'static', keyboard: false})

https://stackoverflow.com/questions/22207377/disable-click-outside-of-bootstrap-modal-area-to-close-modal

iframe won't work for the auth, but having the modal contain a button that opens a new window should... the redirect will verify the token received then say "close this window". Everything could be handled with a new controller requiring oauth login that saves and verifies the tokens received.

window.postMessage() should allow signaling back to the lti window that a token has been received. https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage

mrbdahlem commented 5 years ago

https://tools.ietf.org/id/draft-ideskog-assisted-token-00.html#assisted-token-request

won't work. instead: https://www.kmaschta.me/blog/2017/03/04/github-oauth-authentication-without-server/

mrbdahlem commented 5 years ago

Need to refactor all oauth and user entities... having multiple paths doesn't seem to be possible/easy.

Two types of users... web/lti both link to a third entity, the github user

web users are created via web sign up, are owners of the courses, need to be enabled

lti users are created when they arrive via lti. if they have instructor role, treat as owners of the course. if they have a learner role, create an lti user if necessary, add to session, and then proceed to oauth if necessary

Both paths require logging on via github before continuing. Logging on via github links the user with a github account. The github accounts are stored separately, multiple user (1 web and n lti) can be attached to the github account.

mrbdahlem commented 5 years ago

https://www.callicoder.com/spring-boot-security-oauth2-social-login-part-2/

CustomOAuth2UserService