    Jan Olszak
    @janekolszak
    It will be a "single point of failure" thing, but sending emails doesn't seem critical.
    Matt Vinall
    @boyvinall
    ok thanks
    BTW, I’m disappearing on holiday for a bit soon, so will go a little quieter, but I still have some stuff I need to get done so might chip in a few bits
    The SPOF thing will be important to me, but I’ll have to roll out an initial production which has many SPOFs
    Jan Olszak
    @janekolszak
    So I implemented email validation and password reset and switched on RethinkDB in example/form-with-rethinkdb
    Next I will add the register/reset/validate endpoints in such a way that:
    • Every request goes through FormAuth that will parse the form and call UserDB
    • FormAuth will parse templates from a given directory
    • There are going to be some predefined template names like: error.html, login.html, register.html etc. that will be rendered when WriteError(...), WriteLogin(...) etc will be called
    Jan Olszak
    @janekolszak
    Let me know if you oppose
    Jan Olszak
    @janekolszak
    I just merged handling /register endpoint that sends verification emails
    Other endpoints will be handled like /register
    • Data from the request parsed into structs
    • Struct gets validated
    • Data is handled by the provider
    I resigned from passing validating regex for usernames
    It's all handled by govalidator now
    This week I will be on holidays, so I can only merge PRs :)
    Matt Vinall
    @boyvinall
    Thanks @janekolszak, I’ll be back from holidays next week, so I’ll start catching up again :)
    Jan Olszak
    @janekolszak
    @/all I have to change my plans regarding this library. I won't have time to create an all purpose idp provider so I'll only leave the "core" functionality
    I started integrating my service with idp and it turned out much of the code had to be rewritten.
    fazal
    @faxal
    @janekolszak :+1: Rest is usually very use-case specific anyway.
    fazal
    @faxal
    Is it possible to set ext? if so where
    Jan Olszak
    @janekolszak
    ext?
    fazal
    @faxal
    Extra session data so that it gets returned with firewall check. I'm not sure where exactly to set that
    Jan Olszak
    @janekolszak
    Is it in the challenge? I don't have the code now.
    fazal
    @faxal
    I think my understanding is not correct. Let me dig a little deeper and get back.
    Jan Olszak
    @janekolszak
    I see sub where user's id is put. This way when you get the token it's possible to see whose token it is.
    If you need some other data I'd save it in some store backend and retrieve with user id
    fazal
    @faxal
    For my case I needed a bit more info from IDP, 2 or 3 more IDs along with subject. Saves two more calls per request.
    Jan Olszak
    @janekolszak
    so just put "id1 id2 id3" into the userid passed to challenge and later you'll have to split it into 3 ids
    fazal
    @faxal
    That will work, but right now I'm maintaining an internal fork with an extra parameter in GrantAccessToAll
    to set at_ext
    As Warden already supports that
    fazal
    @faxal
    I haven't come up with a good API for public yet. As at_ext is only an exceptional case, you can't keep that as a required parameter.
    What do you think?
    Jan Olszak
    @janekolszak
    Well we can have several GrantAccess* methods
    For example there should be a method that grants access only to a subset of scopes
    So if you have a valid use case to set at_ext, go ahead and add it to idp
    Jan Olszak
    @janekolszak
    Let me know if you want to send a PR with at_ext. I will be making a major refactoring and it would be best for you to do it before I shuffle things around.
    fazal
    @faxal
    I didn't actually need it in the end, so I reverted changes and I'm sticking with upstream.
    Jan Olszak
    @janekolszak
    @/all I will be making a fuck-all refactoring that will break your code. Sorry for that.
    In order to prevent build breaks add the 0.1.0 version in your dependency management
    Jan Olszak
    @janekolszak
    Refactoring is done in v0.2.0
    Matt Vinall
    @boyvinall
    Thanks Jan. I’ve been pretty quiet in here since I’ve got an initial thing running, but I’ll get back to this again probably in a few weeks.
    Jan Olszak
    @janekolszak
    Same here. I just wanted to clean things up
    Jan Olszak
    @janekolszak
    Release 0.3.0:
    • IDP.Connect() accepts verifyTLS bool argument
    • Added Challenge.Update() method for updating Challenge in several requests.
    Jan Olszak
    @janekolszak
    There will be an update of idp's dependencies this weekend.
    Jan Olszak
    @janekolszak
    Release 0.4.0 for Hydra 0.5.2
    Alexander Weiher
    @aweiher
    @janekolszak can I use IDP also for user registration?
    I found this repo which seems a good starting point for implementing IPS https://github.com/boyvinall/hydra-idp-form
    Alexander Weiher
    @aweiher
    Do you know any other examples to start?
    Jan Olszak
    @janekolszak
    I use this project for login upon registration, yes
    Implementation is described in the readme and is tested with the latest Hydra. I'm not sure error handling is ready in the IDP, but there's still time to fix this since Hydra is still in beta
    You may ask @boyvinall about his project
    @aweiher There's also https://github.com/janekolszak/gin-hydra if you choose gin framework