Open osteele opened 6 years ago
@jwb and @osteele discussed using the cookie-based authentication documented here for single-sign-on across olin.build subdomains.
For this to work, something like this would be necessary:
In abe/auth/__init__.py, modify:
response.set_cookie('app_secret', shared_secret)
to:
response.set_cookie('name', 'value', domain=os.environ.get('AUTH_COOKIE_DOMAIN', None))
Document AUTH_COOKIE_DOMAIN as appropriate.
Set AUTH_COOKIE_DOMAIN to olin.build in production (but probably not in dev).
Questions:
Does response.set_cookie accept domain=None, or does it need a different value in order to suppress the domain?
Will this break clients that aren't served from a *.olin.build domain? Maybe the domain should only be set if the referrer is a subdomain.
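Added example, not part of the original issue or the ABE code base: a standard-library Python sketch of the two questions above, building the Set-Cookie header with and without a Domain attribute and applying RFC 6265 domain matching to see which hosts receive the cookie. The host names abe.olin.build, events.olin.build and abe.example.org, the cookie value and the helper names are constructed for illustration; it does not call the framework's response.set_cookie.

```python
import os
from http.cookies import SimpleCookie


def build_auth_cookie(value, cookie_domain=None):
    """Return a Set-Cookie header value; Domain is omitted when unset."""
    jar = SimpleCookie()
    jar["app_secret"] = value
    jar["app_secret"]["path"] = "/"
    if cookie_domain:  # None or "" gives a host-only cookie
        jar["app_secret"]["domain"] = cookie_domain
    return jar["app_secret"].OutputString()


def domain_match(host, domain):
    """RFC 6265 section 5.1.3 domain matching (host names only, no IPs)."""
    host, domain = host.lower(), domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def browser_sends(setting_host, request_host, cookie_domain=None):
    """Would a browser that got the cookie from setting_host send it
    on a later request to request_host?"""
    if not cookie_domain:
        # No Domain attribute: only the exact host that set it gets it back.
        return request_host.lower() == setting_host.lower()
    if not domain_match(setting_host, cookie_domain):
        # RFC 6265 section 5.3: a host outside the Domain cannot set the
        # cookie at all, so the browser discards it.
        return False
    return domain_match(request_host, cookie_domain)


if __name__ == "__main__":
    domain = os.environ.get("AUTH_COOKIE_DOMAIN")  # unset in dev
    print(build_auth_cookie("constructed-secret", domain))
    cases = [  # (host that sets the cookie, host of a later request, Domain)
        ("abe.olin.build", "events.olin.build", "olin.build"),
        ("abe.olin.build", "events.olin.build", None),
        ("abe.example.org", "abe.example.org", "olin.build"),
        ("abe.example.org", "abe.example.org", None),
    ]
    for setter, target, dom in cases:
        print(setter, "->", target, "Domain=%s" % dom,
              "sent" if browser_sends(setter, target, dom) else "not sent")
```

What matters for the cookie is the host of the server that sets it, not the page the client was loaded from: a backend outside olin.build that sends Domain=olin.build has its cookie dropped by the browser.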