Open jeromegn opened 5 years ago
I once made a POC of this sort of thing with Node.js. I'd be willing to share that code if interested.
@nprail sure, anything would help. There's probably a lot that won't work since we can't use the Crypto API from node.js (I'm assuming we'll have to sign some JWTs for Google).
But we already have the sjcl
package which can probably do a lot of what we need. Until we have a more complete Crypto API (from the Web API.)
@jeromegn Here is the code: https://github.com/nprail/static-auth-poc
It was a POC for improving auth on Surge.sh so some things would have to be modified. For example, it doesn't do Google login. It just has a static username and password in it. I think the login server piece of the POC can be completely replaced by an OAuth provider.
This is the basic flow:
Protect some routes via a 3rd party auth system (in this case: Google.)
We had that with the old platform (sites), pretty sure it would still be useful.