Open gregorykan opened 6 years ago
i'm interested in understanding the goals here - as i understand it, we want to be able to log into both Loomio + Cobuy with one login / form?
ok so LOL this has nothing to do with holodex which is what i originally thought.
@iainkirkpatrick dex is an oauth provider - you probably already knew this
chatted with @ahdinosaur , this ticket now simply involves setting dex up, with actual integration coming later
ok cool :)
Correct! And styling it with tapin branding. Should say “tapin login”. We can also set up loomio with it.
ok so briefly read over the dex docs - this is def stuff i haven't touched before. not to say that it will be easy / hard (looks interesting!) but i'm quite fuzzy how this is gonna work, esp with Loomio integration. Is this something we need before the first deadline?
In theory it’s just another oauth2 provider that we give credentials to loomio team for.
Regarding do we need this. Short answer, yes. It’s basically what makes our solution a complete solution rather than collection of separate solutions.
hmmm ok re-reading i think i understand more... dex can act as an oAuth provider and issue tokens as FB, GH etc would. the idea then would basically be that all Tapin users must use this type of credential to log in? i.e. a dex 'Tapin' token. so we wouldn't have any other providers (FB, GH) that folks could log in with? i can see how that makes sense
@iainkirkpatrick correct
found this blog talking about open ID connect https://developer.okta.com/blog/2017/07/25/oidc-primer-part-1
ok, been grokking a bunch of Dex stuff today. i'm now at the point where i'm wondering - why are we wanting to roll Dex if we aren't wanting users to be able to sign in with other OIDC / identity providers like Google, Github etc? Wouldn't it be simpler to use a nodejs oauth server? Or am i missing some benefits of dex... it seems heavy-handed? (and i can't fully work it out but possibly missing some features like password reset?)
tagging @ahdinosaur @agentlewis
From my point of view:
However the requirement is:
had a chat with @ahdinosaur briefly - gonna suss out whether node-oauth2-server is a better fit, probably as part of another specific dogstack app that handles identity. with the emphasis as @agentlewis pointed out above of being an MVP solution :) potentially we use dex in the future as part of this
@iainkirkpatrick I am not too fussed what we use so long as we can get it up quick. I am obviously biased towards creating another dogstack app, if we can do it quick :) and that it takes care of all the standard flows on desktop and mobile and lastly that it is secure.
Also want to name the goal here is to have Single Sign On - SSO as I hadn’t named it above.
or... after reading a bit more... we could use dex, and roll our own OIDC server :D by roll our own i mean use https://github.com/panva/node-oidc-provider tho still not sure i'm fully understanding what the benefits of OpenID Connect over oAuth2 are, apart from 'it provides identity'
thought dump:
node-oauth2-server doesn't really conform to how i understand using feathers works...
app.oauth like the docs suggest, but outside of a service, and then just call on the .oauth methods in normal services?
@iainkirkpatrick Note the requirement for a provider is specifically for other apps to use:
I don’t think this ticket is worth progressing if it doesn’t solve this. Ie we just deal with the fallout of people logging into tapindecide using a passwordless system and tapinbuy with a password.
Not sure if that helps...
@agentlewis yep i see using a single provider as solving that problem :) what do you think about all the Tapin apps sharing a single profile? that would be an optional, extra piece as i imagine the cost to change Loomio to deal with that would be not insignificant...
Shared profile would be amazing - I think we can prep it by getting it working with cobuy and then work out with loomio what it would take to make it work for them. Probably a week's work.
@ahdinosaur @agentlewis might need a bit more context/specificity for this one