Extension dropdown page auth login.

[bdougie]

This should be a simple interactions to grab a JWT and add to the dropdown.

I can get @getaheaddev to design the chrome extension dropdown.

[0-vortex]

We can test **.github.com/** for redirect strings on beta

[diivi]

Are we adding a Signin with GitHub button, or using the PAT like we did in our demos? If we are integrating with OpenSauced auth, how can we go about doing that?

[0-vortex]

Are we adding a Signin with GitHub button, or using the PAT like we did in our demos? If we are integrating with OpenSauced auth, how can we go about doing that?

Generating and using a PAT for the extension is the safest all-round way of doing it, since ay extension mistakes or hijacking would be visible through token usage, however both methods can be explored for knowledge sharing purposes 🍕

[diivi]

Okay, I can start working on this with PAT login.

[diivi]

Here's an auth flow I made for my demo, let me know what can be improved, we haven't made a solid design decision yet too @Anush008

[Anush008]

@diivi, I've used Supabase's auth flow by redirecting to /auth/v1, followed by a check for the session-cookie. The session holds the auth-token for API calls. https://user-images.githubusercontent.com/46051506/232797763-699ea9ac-fd09-4cbc-b25c-5c17a987e53b.gif

[diivi]

@diivi, I've used Supabase's auth flow by redirecting to /auth/v1, followed by a check for the session-cookie. The session holds the auth-token for API calls

@0-vortex, what do you think of this, security-wise? I'll try to look at the code once I have access to Anush's repo.

[0-vortex]

@diivi, I've used Supabase's auth flow by redirecting to /auth/v1, followed by a check for the session-cookie. The session holds the auth-token for API calls

@0-vortex, what do you think of this, security-wise? I'll try to look at the code once I have access to Anush's repo.

IMHO we should set up that but on the development SupaBase, and try to enable another redirect url like https://**.github.com/** from the beta branch (of either insights or hot endpoints) - if that works it would simplify the log in by a lot 🍕

[diivi]

IMHO we should set up that but on the development SupaBase, and try to enable another redirect url like https://**.github.com/** from the beta branch (of either insights or hot endpoints) - if that works it would simplify the log in by a lot

Can you help me understand how to set this up, like where I can learn more about how authentication currently works in OpenSauced? I did it through PATs and Anush did it by redirecting directly to the authentication URL, and then checking for the presence of an access token in the cookies.

[diivi]

It was decided that we will use the user's PAT to log them in, sort of like the flow I mentioned here - https://github.com/open-sauced/browser-extensions/issues/8#issuecomment-1513021157. I can move forward with the same design I used in my submission, and maybe later when we have a consistent design system, we can edit everything.

[github-actions[bot]]

:tada: This issue has been resolved in version 1.0.0-beta.1 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket:

[github-actions[bot]]

:tada: This issue has been resolved in version 1.0.0 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: