search

politics-rewired / Spoke

Politics Rewired's fork of Spoke
GNU General Public License v3.0
35 stars 17 forks source link

Use session-based Spoke Portal magic link #1638

Open bchrobot opened 1 year ago

bchrobot commented 1 year ago

Is your feature request related to a problem? Please describe.

https://github.com/politics-rewired/spoke-portal/pull/165 adds support for authenticated magic link sessions. This changes requires a JWT query parameter in the link provided to Spoke users.

Describe the solution you'd like

Spoke needs to update the tcrBrandRegistrationUrl field to include this JWT:

https://github.com/politics-rewired/Spoke/blob/e3b9e7886f530c3c92101503f46a0c9f773b8916/src/server/lib/notices/register-10dlc-brand.ts#L106-L113

This will required:

  1. Adding an envvar for the signing secret shared between Spoke and Spoke Portal
  2. Adding a root resolver for Notices to support fetching a tcrBrandRegistrationUrl at runtime when an admin user clicks the Notice call-to-action. This is because the generated JWTs should have an expiration of only ~30 seconds for security.

Describe alternatives you've considered

N/A

Additional context

N/A