nodeSolidServer / node-solid-server

Solid server on top of the file-system in NodeJS
https://solidproject.org/for-developers/pod-server

Login user experience #1329

Open rhythnic opened 5 years ago

rhythnic commented 5 years ago

I believe the solid server should move away from the approach of using a new browser window for authentication.

On desktop, the pop up might be blocked by the browser. If it is allowed, the pop up window doesn't contain plugins, so you have to use copy/paste and change windows to use a password manager.

On mobile, the authentication flow is pleasant and works well with password managers. But once finished and the popup closes, the session is not available to the initial window. Refreshing doesn't help. I was unable to log in from mobile.

Do you know if a redirect flow would work?

rhythnic commented 5 years ago

Actually, the session is available in mobile. I was testing mobile on the version of solid deployed to solid.community which seems to have a bug that's been fixed in master, and the UX session buttons don't accurately reflect the session state. I looked into solid-auth-client and I can see that the redirect flow is supported, so it's just a question of whether it's the best choice for use in the solid server. I feel the redirect flow is more secure, as it doesn't require copying the password into the clipboard. Please close this issue as you see fit.

jaxoncreed commented 5 years ago

I agree. Solid auth client will soon have a rewrite and the default flow should be redirect.

linonetwo commented 4 years ago

When the SoLiD panel is opened in an Electron app, the main window errors after the popup appears:

solid-auth-client is listening to https://localhost:50110 so ignored a message receive from undefined.

I added logs to solid-auth-client.bundle.js:

async _handleMessage(e) {
    let {data: t, origin: n} = e;
    console.log('origin', n)
    console.log('this._clientOrigin', this._clientOrigin)
    if (n !== this._clientOrigin)
        return void console.warn("solid-auth-client is listening to ".concat(this._clientOrigin, " ") + "so ignored a message receive ddddddd from ".concat(n, "."));

It is pretty weird. Hope there can be a rewrite soon.
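The warning in the comment above comes from a strict origin comparison on incoming `postMessage` events. The following is an added example, not part of the comment and not solid-auth-client's own code: it shows such a check rejecting a missing origin (the case reported here), an opaque `"null"` origin, and lookalike origins. `makeOriginGuard` and the sample events are hypothetical and constructed for illustration.

```javascript
// Added example: strict origin validation for a popup -> opener message channel.
// makeOriginGuard and SAMPLE_EVENTS are hypothetical names, not solid-auth-client API.
function makeOriginGuard(clientUrl) {
  // Normalize once: URL.origin keeps scheme, host and port, drops path and query.
  const expected = new URL(clientUrl).origin;
  return function check(event) {
    const origin = event ? event.origin : undefined;
    if (typeof origin !== 'string' || origin === '') {
      // The case from the log line above: no usable origin, so no trust decision is possible.
      return { accepted: false, reason: 'missing-origin' };
    }
    if (origin === 'null') {
      // Opaque origins (e.g. sandboxed frames, data: URLs) serialize to the string "null".
      return { accepted: false, reason: 'opaque-origin' };
    }
    if (origin !== expected) {
      // Exact comparison only: prefix or substring matching would accept lookalikes.
      return { accepted: false, reason: 'origin-mismatch' };
    }
    return { accepted: true, reason: 'ok' };
  };
}

// Constructed sample events; only the fields the guard reads are present.
const SAMPLE_EVENTS = [
  { origin: 'https://localhost:50110', data: {} },              // expected client
  { origin: undefined, data: {} },                              // as reported above
  { origin: 'null', data: {} },                                 // opaque origin
  { origin: 'https://localhost:50110.example.test', data: {} }, // passes a startsWith() check
  { origin: 'http://localhost:50110', data: {} },               // scheme downgrade
];

function runSamples() {
  const check = makeOriginGuard('https://localhost:50110/popup.html');
  return SAMPLE_EVENTS.map((e) => check(e).reason);
}

console.log(runSamples());
```

Returning a distinct reason for a missing origin separates an embedding or delivery problem from a mismatched sender in the logs, while the message is dropped in both cases.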

jaxoncreed commented 4 years ago

@linonetwo Yep agreed. Though I believe there is something you can do with solid-auth-client now. Let me do a bit of digging and get back to you.