superfly / edge

A set of useful libraries for Edge Apps. Run locally, write tests, and integrate it into your deployment process. Move fast and maybe don't break things? Because, gosh darnit, you're an adult.
https://fly.io
Apache License 2.0

Google authentication #30

Open jeromegn opened 5 years ago

jeromegn commented 5 years ago

Protect some routes via a 3rd party auth system (in this case: Google.)

We had that with the old platform (sites), pretty sure it would still be useful.

nprail commented 5 years ago

I once made a POC of this sort of thing with Node.js. I'd be willing to share that code if interested.

jeromegn commented 5 years ago

@nprail sure, anything would help. There's probably a lot that won't work since we can't use the Crypto API from node.js (I'm assuming we'll have to sign some JWTs for Google).

But we already have the sjcl package which can probably do a lot of what we need. Until we have a more complete Crypto API (from the Web API.)

nprail commented 5 years ago

@jeromegn Here is the code: https://github.com/nprail/static-auth-poc

It was a POC for improving auth on Surge.sh so some things would have to be modified. For example, it doesn't do Google login. It just has a static username and password in it. I think the login server piece of the POC can be completely replaced by an OAuth provider.

This is the basic flow:

  1. The user goes to a password protected site (e.g. protected.example.com)
  2. The user is redirected to the Login Server and logs in (which redirects to Google or any other provider for login)
  3. The user is redirected back to protected.example.com with the new JWT token stored in a cookie
  4. The JWT token is then used to verify that the user has access to the site
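
The flow in the comment above, as an added example that is not taken from static-auth-poc or from the edge project: the gate a protected site would run on each request, covering the redirect in steps 1-2 and the cookie check in step 4. Assumptions: an HS256 secret shared between the login server and the site, a cookie named `auth_token`, a login URL with a `return_to` parameter, and an `aud` claim holding the protected host. The HMAC comes from Node's `crypto` module so the sample runs stand-alone; on the runtime discussed in this thread it would have to come from sjcl or a Web Crypto API instead.

```javascript
const crypto = require("crypto");
const COOKIE = "auth_token";                    // assumed cookie name
const LOGIN_URL = "https://login.example.com/"; // assumed login server
const b64url = (buf) => Buffer.from(buf).toString("base64url");
const hmac = (secret, data) => crypto.createHmac("sha256", secret).update(data).digest();

// Login-server side (step 3): mint an HS256 token so the sample is self-contained.
function signToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(hmac(secret, `${head}.${body}`))}`;
}

// Pull one cookie value out of a Cookie request header.
function readCookie(header, name) {
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0 && part.slice(0, i).trim() === name) return part.slice(i + 1).trim();
  }
  return null;
}

// Step 4: return the claims if the token is valid for this host, otherwise null.
function verifyToken(token, secret, host, nowSec) {
  const parts = (token || "").split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = hmac(secret, `${head}.${body}`);
  const given = Buffer.from(sig, "base64url");
  // Check the MAC first, in constant time, before trusting any decoded field.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    // Pin the algorithm; the token header must not get to choose it.
    if (JSON.parse(Buffer.from(head, "base64url")).alg !== "HS256") return null;
    const claims = JSON.parse(Buffer.from(body, "base64url"));
    if (typeof claims.exp !== "number" || claims.exp <= nowSec) return null;
    if (claims.aud !== host) return null; // token was minted for another site
    return claims;
  } catch { return null; }
}

// Steps 1-2: allow the request, or send the user to the login server.
function gate(req, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const claims = verifyToken(readCookie(req.cookie, COOKIE), secret, req.host, nowSec);
  if (claims) return { action: "allow", user: claims.sub };
  const back = encodeURIComponent(`https://${req.host}${req.path}`);
  return { action: "redirect", location: `${LOGIN_URL}?return_to=${back}` };
}
```

The login server should accept a `return_to` value only if it matches a known protected host, and the cookie set in step 3 should carry the `Secure` and `HttpOnly` attributes.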