Open haraldschilly opened 2 years ago
Actually, I implemented OAuth1 support, https://github.com/belonesox/cocalc/tree/belonesox-oauth1
and tested on my mediawiki with OAuth extension, even drop some instruction for the case. http://wiki.4intra.net/Blog:StasFomin/Connect_Cocalc_by_OAuth_with_MediaWiki_(MediaWiki4IntraNet)
But I am not ready to merge, I need to test all kind of OAuth authorizations… and I now dont understand architecture well.
For example, let discuss table passport_settings
.
Is there is not possible how have, two or more strategy of one type with different parameters.
For example two oauth1 or oauth2 providers?
Because unique constraint on database forbid it.
Is it bug or feature?
hello @belonesox … in https://github.com/sagemathinc/cocalc/pull/5790 I started to clean up all of this, and adding a new column for that database table, to pull apart the settings for cocalc and the ones for passport. I've also improved the typescript definitions for the fields in the jsonb objects, to make this clearer. To your question, yes sure, it is possible. Only the "strategy" column is a unique string, but you can call it as you like. I would use a short lowercase name, that resembles whatever this is pointing to. The conf.type
entry defines which passport strategy constructor to use, i.e. in auth.ts
there is extra_strategy_constructor
, which gets this type
as an argument. e.g.
strategy | conf
-------------+---------------------------------
test1 | {"type" : "oauth1", ...}
acme | {"type" : "oauth1", ...}
dataschool | {"type" : "saml", ...}
...
hub's
auth.ts
has a case for OAuth2, whereif (userinfoURL != null) { ... }
defines a.userProfile
method. This overwrites https://github.com/passport-next/passport-oauth2/blob/master/lib/strategy.js#L288 … and well, this code by itself might or might not work 100%, but it's at least a vital step.However, there is nothing like that for OAuth1.
The goal of this ticket is to refactor this a bit and add something like
userinfoURLOAuth1
to code a similar case.… and well, after reading the code, I wonder how the profile information from defining this
userProfile
callback even gets into thelogin_opts
object to be used by cocalc. So, this ticket is a bit vague and needs some investigation.