search

rollthecloudinc / quell

Climate aware CMS breaking web apps free from carbon emissions.
https://demo.carbonfreed.app/pages/create-panel-page
GNU General Public License v3.0
14 stars 1 forks source link

Replace auth system #8

Open verti-go opened 3 years ago

verti-go commented 3 years ago

AuthProvider plugin

AuthProvider

interception pipeline -- factor out -- move to generic higher mod?

interceptors become plugins -- register interceptors -- provide rules to apply interceptors.

interceptors that alter outgoing request - "pre" interceptors that alter incoming data - "post"

-- druid:http

http module: exposes two plugins 1.) PreprocessInterceptor 2.) PostprocessInterceptor

http -> (preprocess int) [...plugins] -> request http -> (postprocess int) [...plugins] -> response

module that wraps http requests and responses with change pipeline using plugins.

No reason to support anything but json tokens. If you aren't using json web tokens (jwt) you are a moron. I'm not going to write code to facilitate your stupidity. I might make the plugin generic enough to support that.

state stateless

login

shared user attributes across vendors

Multiple vendors can share the same strategy - like oauth

auth strategy - plugin (auth strategy)

Auth strategies will be dependent on different libs.

Always should have the option to override strategy and provide own custom strategy.

verti-go commented 3 years ago

module authclient, plugin: authclient<t>{ constructor: <t>, preInterceptors: Array<callable<...>>, postInterceptors: Array<callable<...>> }

module oidc, deps: authclient, plugin(authclient): oidcclient{}^authclient

module cognito, deps: oidc

other:

windbeneathyourwings commented 2 years ago

Much of this has been resolved.

New module oidc has been created. Oidc implementation pieces inside auth have been removed and placed inside oidc instead. The auth module now provides only shared code between all implementations like the auth state / user model. The oidc module owns the feature that interacts with oidc-client through effects originating from auth. This architecture provides a nice, clean extensible starting point. The token intercpetor has also been moved inside oidc client because it seems most appropriate to live there for now.

The last part of this is to figure out how to deal with the cookies. The cookies are not oidc spec. The cookies are purely for cognito based logins. Therefore, I think it makes sense to consider a cognito module that will own an effect to add the cookies. Although the cookie data array still remains as part of the top level auth state because I think it makes sense there. Cookies are something other vendors could implement.