Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Apr 21 11:45
    camfou closed #355
  • Apr 21 11:44
    camfou closed #356
  • Apr 21 11:44
    camfou closed #373
  • Feb 25 2019 12:11

    christiansmith on master

    Archival notice (compare)

  • Dec 05 2018 20:24
    hardiked commented #298
  • Nov 07 2018 14:48
    fkubis commented #316
  • Oct 26 2018 21:38

    tomkersten on master

    fix : misspell clientId config … fix : misspell redirect_uri Merge pull request #374 from ca… (compare)

  • Oct 26 2018 21:38
    tomkersten closed #374
  • Oct 02 2018 12:05
    coveralls commented #375
  • Oct 02 2018 12:05
    coveralls commented #375
  • Oct 02 2018 12:00
    NicolasBonduel edited #375
  • Oct 02 2018 12:00
    NicolasBonduel opened #375
  • Sep 26 2018 14:40

    tomkersten on oauth2-redirect-uri

    (compare)

  • Sep 26 2018 14:40
    tomkersten closed #367
  • Jun 12 2018 09:03
    camfou commented #368
  • Jun 07 2018 09:26
    coveralls commented #374
  • Jun 07 2018 09:20
    camfou synchronize #374
  • Jun 07 2018 08:21
    coveralls commented #374
  • Jun 07 2018 08:15
    camfou opened #374
  • Apr 26 2018 11:53
    coveralls commented #373
Dmitri Zagidulin
@dmitrizagidulin
there’s been a few discussions on UMA support
maybe on the distant roadmap
what’s the usecase you’re thinking of, for it?
blocka
@blocka
so noone's had an issue with case sensitive emails?
Dmitri Zagidulin
@dmitrizagidulin
hey blocka :) no, you’re right, many people (myself included) ran into the case sensitive issue.
and yeah, the only solution so far is to force-lowercase it before inserting into redis. (and later, when querying)
Roland Quast
@rquast
@blocka it's not dangerous if you use appendonly, but it's certainly fringe bleeding edge use imo
but it's fast and lightweight, so there's good and bad
don't know how it would go with sharding (anvil that is)
Roland Quast
@rquast
I've since forked anvil and made changes like the email one
Roland Quast
@rquast
a heads up for anyone who experiences anvil hanging without any debug output or reason...
when anvil sends redis a command, it waits on a promise that never gets fulfilled if redis is down
redis... unknown to me because it was running which I assumed means it is okay... gave me this nice message which I didn't know about (rather than it bailing out.. it just stays up)
Bad file format reading the append only file: make a backup of your AOF file, then use ./redis-check-aof --fix <filename>
so maybe if you're running your own code for this, implement some kind of timeout for redis and log the issue
Roland Quast
@rquast
ahh hang on, it does bail out, it's just docker restarting it automatically (not a lot of load, so didn't notice it)
quartzadmin
@quartzadmin

Hi guys, I wonder if someone might be able to point me in the right direction. I've setup a copy of the anvil research docker image and have that up and running OK through an nginx proxy container. Its working in conjunction with a separate redis container. I'm using a wildcard SSL certificate in place and It appears to be working OK if I navigate to it in a browser. Responding with...

{"Anvil Connect":"Welcome","issuer":"https://auth.smartdata.co.uk","version":"0.2.0"}.

However, I want to configure the initial setup as indicated here https://github.com/anvilresearch/connect-docs/blob/master/cli.mdbut when I run the command

nvl setup https://auth.smartdata.co.uk/ --token-file /var/www/keys/setup.token

I get the following error...

root@a69777e92ac8:/var/www# nvl setup https://auth.smartdata.co.uk/ --token-file /var/www/keys/setup.token
? Is the SSL certificate self-signed? No
{ Error: write EPROTO 140062888385408:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

at _errnoException (util.js:999:13)
at WriteWrap.afterWrite [as oncomplete] (net.js:883:14) errno: 'EPROTO', code: 'EPROTO', syscall: 'write' }

https://auth.smartdata.co.uk/ does not point to an Anvil Connect server

I'm at a loss as to whats wrong as an independent check with the following command seems fine...

openssl s_client -connect auth.smartdata.co.uk:443 -servername auth.smartdata.co.uk

Anyone have any suggestions?

quartzadmin
@quartzadmin
could it be that there is an issue with wildcard certificates?
scriptjs
@scriptjs
my apologies, are there more docs on clients for anvil? I don’t see much in the way of native support
Are there native clients for iOS or Android?
quartzadmin
@quartzadmin
what node engine version should be running with anvil-connect 0.2.0?
blocka
@blocka
My mobile guys have used generic oidc clients for mobile...I'll have to look up exactly which one
quartzadmin
@quartzadmin
so, I managed to get past the initial error by starting again from scratch. But I'm still getting a similar error trying to run nvl setup.
nvl setup https://auth.smartdata.co.uk --token-file /var/www/connect/keys/setup.token
? Is the SSL certificate self-signed? No
{ Error: unable to verify the first certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1042:34)
at TLSSocket.emit (events.js:159:13)
at TLSSocket._finishInit (_tls_wrap.js:639:8) code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }
https://auth.smartdata.co.uk does not point to an Anvil Connect server
there's definitely a connection to redis, which I read can be an issue. So, I'm left to believe that wild card certificates aren't compatible?
but works in the browser OK, just not nvl
Joelle
@JoelleS_M_twitter
Hi guys, I'm in the middle of evaluating different SSO solutions (currently using Keycloak). I had a question regarding couple of features that are show stoppers for my company. I noticed in the past that there was a discussion about being able to configure multiple login pages based on domain or subdomain. I didn't find a ticket related to it. Was there a decision reached? If so is it possible to do that now? Also the other question is impersonation. Is it available? If not, is it possible to add customization to allow impersonation of other users? and would that customization make it difficult to upgrade to newer releases? If this all documented somewhere please feel free to point me there and I can take a look but I couldn't find any details related to it. Thank you.
Matt Walters
@mateodelnorte
Hi all. Is this project still maintained?
Currently deciding between it and KeyCloak.
Roland Quast
@rquast
I think it's kind of abandoned, but the code still works fine . You need to modify a few of the provider implementations and the oauth2 implementation to make it work properly with odd providers like github, but if you like javascript and how easy it is to debug, it's pretty good.
if you want a turnkey solution, i'd look at keycloak or something else
@JoelleS_M_twitter why are you looking at leaving keycloak out of interest?
Jan Opravil
@opravil-jan
Hello
It is possible to change user password through api call?
I'm trying change user password using user.update but it does not work. Is it possible to change user password through api call?
Joelle Skaff Merwin
@joelle_skaff_twitter
@mateodelnorte
A
@Rquast sorry for some reason accessing this chat on my phone is a mess. Anyway I wanted to say the reason I was considering leaving keycloak is because we need to support multiple login pages which to be able to do require customization that is a sometimes a pain to maintain. Also the other reason because we were trying to implement native google login for mobile as well Facebook ask and that doesn’t work in keycloak at the moment without having to do some work outside of keycloak
Joelle Skaff Merwin
@joelle_skaff_twitter
Sorry for the random tag @mateodelnorte
Roland Quast
@rquast
@joelle_skaff_twitter ahh okay, yes I think anvil is great for customization because the code's so easy to work with. I had to modify it a bit for github to work properly, but I guess it's a lot easier to modify a few javascript files than recompiling class files and packaging the up into jar files with java (keycloak). I recommend anvil if you have the time to spend on working on it. It's great.
@opravil-jan yes, you can change the password via api, but i do that with a realm token through a server to auth server call
@joelle_skaff_twitter debugging is also easy with chrome too.. I can debug it from a docker container with --inspect when I have problems
Joelle Skaff Merwin
@joelle_skaff_twitter
@rquast we ended up sticking with keycloak because one of the main requirements is that there is continuous work on the project and updates and up to date documentation.
Roland Quast
@rquast
@joelle_skaff_twitter Probably a wise decision unless you're prepared to take on the whole project. Good luck with keycloak!
Michał Bogdan
@BogdanMichal_twitter
Hi, was writing my own poor - man's - auth server solely for my apps / organisation and today I've found about anvil ... was wondering if you support roles for users and if so - is recursive dependencies between roles are supported ... so User A has granted role B, B has granted role C, C has granted role D etc... so will user A have granted role D ?
Roland Quast
@rquast
@BogdanMichal_twitter not exactly.. roles are given scopes.. like an admin role would be given an admin and a user scope.. a user role would just be given a user scope. There's no dependencies, but you control the granularity by what scopes a role has.
you use the scopes to check if they're allowed to do something
Ngọc Thanh
@panoti
Is this project still updated?
something is too old
Ngọc Thanh
@panoti
I found anvil is so great, but I wonder why it slow update?