tengu-team / tengu-browser

Tengu UI

AuthX and AuthZ #8

Open gvseghbr opened 8 years ago

gvseghbr commented 8 years ago

Big step! User is now able to log in using his/her Google Account. If the browser already knows the Google Account, the web-ui takes this into account.

merlijn-sebrechts commented 8 years ago

The g+ ID will be a config option of the hauchiwa so you can pass it to the hauchiwa on creation or update the hauchiwa config file after creation. Any idea for the format of this option? Best to future-proof this so it will be easy to add other auth methods:

```yaml
h-mesebrec:
  authorized-users: |
    [
      {"type": "Google", "id": "<google id user 1>", "permissions":"full"},
      {"type": "Google", "id": "<google id user 2>", "permissions":"full"}
    ]
```

gvseghbr commented 8 years ago

To make it really future-proof, I think we will need more info about the authentication method. Perhaps the full url that is used by the backend will suffice? In this case: https://www.googleapis.com/oauth2/v3. With this we have the version information as well.

merlijn-sebrechts commented 8 years ago

```yaml
h-mesebrec:
  authorized-users: |
    [
      {"type": "openid-connect", "url": "https://www.googleapis.com/oauth2/v3", "id": "<google id user 1>", "permissions":"full"},
      {"type": "openid-connect", "url": "https://www.googleapis.com/oauth2/v3", "id": "<google id user 2>", "permissions":"full"}
    ]
```

merlijn-sebrechts commented 8 years ago

However, I'm not sure what to do with https://www.googleapis.com/oauth2/v3. What I need is the client ID. (186954744080-m8egj67pube80m9edfpf8isj4kn3lu38.apps.googleusercontent.com)

merlijn-sebrechts commented 8 years ago

A summary of our conversation:

The Hauchiwa uses the token to verify the user. The Hauchiwa does not know which Hauchiwa the user thinks he is communicating with. Because of this, a rogue Hauchiwa can take over all the user's Hauchiwas.
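
The replay risk summarised above comes down to a token being accepted without checking who it was issued for. The following is an added example, not code from this thread or from the Tengu project: a claims check over the `authorized-users` format proposed earlier. The names `authorize`, `expected_audience` and `ISSUERS_BY_URL` and the sample ids are assumptions, and the token's signature is assumed to have been verified already.

```python
import json
import time

# Constructed sample in the format proposed in this thread; the id is a placeholder.
AUTHORIZED_USERS = json.loads("""
[
  {"type": "openid-connect", "url": "https://www.googleapis.com/oauth2/v3",
   "id": "sub-user-1", "permissions": "full"}
]
""")

# Assumption: maps the config "url" to the `iss` values Google puts in ID tokens.
ISSUERS_BY_URL = {
    "https://www.googleapis.com/oauth2/v3":
        {"https://accounts.google.com", "accounts.google.com"},
}


def authorize(claims, authorized_users, expected_audience, now=None):
    """Return the user's permissions, or None if the token must be rejected.

    `claims` must come from an ID token whose signature was already verified.
    `expected_audience` (hypothetical parameter) is the client ID this
    particular Hauchiwa accepts tokens for.
    """
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return None  # expired, or no usable expiry claim
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud
    # Conservative: exactly one audience, and it must be ours.
    if audiences != [expected_audience]:
        return None  # token was issued for some other relying party
    for user in authorized_users:
        if user.get("type") != "openid-connect":
            continue
        issuers = ISSUERS_BY_URL.get(user.get("url"), set())
        # The subject id is only meaningful together with its issuer.
        if claims.get("iss") in issuers and claims.get("sub") == user.get("id"):
            return user.get("permissions")
    return None
```

The audience check only separates Hauchiwas if each one is configured with a different expected audience. With one client ID shared by all of them, a token accepted by one is accepted by every other.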

gvseghbr commented 8 years ago

Merge with openID-connect branch done. This includes all the token-id stuff and user login via Google.

merlijn-sebrechts commented 8 years ago

Auth: bla

merlijn-sebrechts commented 8 years ago

Auth: bla