openknowledge-archive / dpr-api

DEPRECATED - Data Package Registry API and Frontend
http://frictionlessdata.io/
MIT License

Replacing auth0 with simple github login #268

Closed subhankarb closed 7 years ago

subhankarb commented 7 years ago

We have Auth0 as our authentication system. We want to implement OAuth authentication replacing Auth0.

Tasks

Acceptance Criteria

rufuspollock commented 7 years ago

@subhankarb just flagged we also need to fix the dpr-deploy script.

rufuspollock commented 7 years ago

@subhankarb you'll also need to remember to change deploy config on next deploy (probably when we merge dpr-js stuff in frictionlessdata/dpr-js#119)

rufuspollock commented 7 years ago

Reopening:

Sign in experience

The sign in / sign up button takes you to a github page immediately with no context. You need at least some intervening page or modal that is our "sign up" page that says something like: "Sign up with your github account".

Bug in signin

I tried signing in and got:

{
"error_code": "GENERIC_ERROR",
"message": "'NoneType' object has no attribute 'encode'"
}

subhankarb commented 7 years ago

@rufuspollock about the error 'NoneType' object has no attribute 'encode'. I did not handle private email. If the user makes the email private we cannot get it. And the code does not handle an empty email address.

pwalsh commented 7 years ago

goodtables.io has a signin flow for GitHub, for your reference, which deals with inaccessible emails, seeing as we are still somehow avoiding copy/paste of a tested and working OS auth implementation.

BTW, as the GitHub auth API does not guarantee that it provides emails, you obviously can't rely on sending welcome emails and so on. I still contend that this is not a problem, and is in fact quite common in oauth backed signin flows.

subhankarb commented 7 years ago

@pwalsh thanks. I just found it, and FIXED.

rufuspollock commented 7 years ago

@pwalsh is there a ref for the goodtables implementation?

pwalsh commented 7 years ago

https://github.com/frictionlessdata/goodtables.io/blob/master/goodtablesio/auth.py

And blueprint for handling flow.

subhankarb commented 7 years ago

@rufuspollock added github icon in signin button

rufuspollock commented 7 years ago

FIXED.

Note we are still not getting a guaranteed user email -- only getting an email if it is public.

Reason and solution for this is in http://stackoverflow.com/questions/35373995/github-user-email-is-null-despite-useremail-scope

To get private emails we need to call:

GET https://api.github.com/user/emails
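
The email handling discussed in this thread, as an added example that is not code from dpr-api or goodtables.io: it picks an address from the `GET /user/emails` response and never assumes one exists, which is the case that produced the `'NoneType' object has no attribute 'encode'` error. The function names `resolve_email` and `user_record` and the sample payloads are hypothetical; the `email`, `primary` and `verified` fields are the ones GitHub returns for that endpoint.

```python
from typing import Optional

# Constructed sample payloads (not real accounts), shaped like the JSON
# bodies of GitHub's GET /user and GET /user/emails.
PROFILE_PRIVATE_EMAIL = {"login": "octo-example", "id": 1, "email": None}
EMAILS_RESPONSE = [
    {"email": "old@example.org", "primary": False, "verified": True},
    {"email": "typo@example.org", "primary": False, "verified": False},
    {"email": "octo@example.org", "primary": True, "verified": True},
]


def resolve_email(profile: dict, emails: Optional[list]) -> Optional[str]:
    """Return an email for a GitHub user, or None if none is usable.

    `emails` is the parsed body of GET /user/emails (requires the
    user:email scope), or None if that call failed or was not made.
    """
    # Only verified addresses are candidates: an unverified address is one
    # the account holder has not proven they control.
    candidates = [
        e for e in (emails or [])
        if isinstance(e, dict) and isinstance(e.get("email"), str)
        and e["email"] and e.get("verified")
    ]
    # Stable sort: the verified primary address first, then the rest.
    candidates.sort(key=lambda e: not e.get("primary"))
    if candidates:
        return candidates[0]["email"]
    # Fallback: the public profile email, which is None when kept private.
    public = profile.get("email")
    return public if isinstance(public, str) and public else None


def user_record(profile: dict, emails: Optional[list]) -> dict:
    """Build a local user record that tolerates a missing email."""
    email = resolve_email(profile, emails)
    return {
        "github_id": profile["id"],
        "name": profile["login"],
        "email": email,  # may be None; callers must not call .encode() on it
        "can_send_mail": email is not None,
    }


if __name__ == "__main__":
    print(user_record(PROFILE_PRIVATE_EMAIL, EMAILS_RESPONSE))
    print(user_record(PROFILE_PRIVATE_EMAIL, None))
```
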