Remove unused auth methods #989

Open
wants to merge 1 commit into
base: master
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
65 changes: 0 additions & 65 deletions docs/install/configuring_authentication.md
Expand Up @@ -92,68 +92,3 @@ In [2]: token_list = [t.strip() for t in raw_token_list]

In [3]: print token_list
```

### `openid_auth`/`openid-authutil` ###

If you want to use a more full-featured authentication server, you could consider integrating with an [OpenID]() server. This will generate JWTs, short lived tokens that are refreshed when needed, and depending on the server, support a rich set of features. To configure the **server** for OpenID, see `conf/net/auth/openid_auth.json.sample`. To configure the **phone** for OpenID, see `www/json/connectionConfig.openid.json.sample`, and the [associated README](https://github.com/e-mission/cordova-jwt-auth/blob/master/README.openid.md)

### `google_auth`/`google-authutil` ###

This option uses JWTs using the google identity solution with [cross-client authentication](https://developers.google.com/identity/protocols/CrossClientAuth#accessTokens). The JWTs are decrypted using google's public keys and decoded using the `google-auth` library.

- If you are deploying a new UI on the existing e-mission app, you need to ask me to generate google client keys.
- If you are deploying your own app, register your app in the google developer console and generate your own client keys.

#### Configuration ####

- create `android`, `ios` and `web application` credentials in the same project at https://console.developers.google.com
- use the `web application` key for android
- use the `ios` key for iOS, but encoded into the native app as a URL type
- the `android` key is not used directly, but is required to be in the project to allow the android authentication to proceed

![Google Auth Screenshot](../assets/e-mission-both/google_auth_screenshot.png)

If you have just created a set of keys, you can just duplicate them to make the old and new keys - e.g. in `conf/net/auth/google_auth.json`



```
"client_key_old" : "11111111111-aaaaaaaaaaaaaaaa.apps.googleusercontent.com",
"client_key" : "11111111111-aaaaaaaaaaaaaaaa.apps.googleusercontent.com",
"__comment": "iOS client key to handle the fact that the google iOS API does not work. The open source API does not take the webclient app, so we have the iOS client ID here.",
"ios_client_key" : "11111111111-iiiiiiiiiiiiiiii.apps.googleusercontent.com",
"ios_client_key_new" : "11111111111-iiiiiiiiiiiiiiii.apps.googleusercontent.com",
```

#### More details/FAQ ####


1. **Q:** Can I use google auth with the devapp in order to test my development changes end to end?

**A:** Yes! But you still need to get tokens from me because the native app needs to have the right keystore/client ID configured in the URL schemes.

2. **Q:** How do I get the tokens from you?

**A:** Send me your GPG public key, including [create](https://www.gnupg.org/gph/en/manual/c14.html) and[ exporting ](https://www.gnupg.org/gph/en/manual/x56.html)if needed. I will send you an encrypted client `connectionConfig.json` file. You can copy the values from the client file to the server file.

3. When generating my own tokens:
1. **Q:** For android, do we use `webapp` or `android` as application type?

**A:** `Web application`. You need to use the same web application clientID in both the client json and the server json. And unless you are planning to roll your own native app, you need to get the keys from me. Otherwise, the keystore that is configured for the project will be incorrect, and the auth won't work.

1. **Q:** How do I configure the `webapp`? Do I have to add a redirect URL?

**A:** See screenshots below. You do not need to add any restrictions since we are not really using a browser for authentication. We are using cross-client authentication using native code in a mobile app.

| Selection | Configuration | Success |
| -------- | ------------- | --------|
| ![Selection](../assets/e-mission-both/google_auth_client_id_selection.png) | ![Configuration](../assets/e-mission-both/google_auth_client_id_creation_screen.png) | ![Success](../assets/e-mission-both/google_auth_client_id_success.png) |

2. **Q:** For ios, do we use `webapp` or `ios` as application type?

**A:** `iOS`. Again, you need to use the same ID in both the client json and the server json. And unless you are planning to roll your own native app, you need to get the keys from me. Otherwise, the URL scheme(s) that are configured for in the app will be incorrect, and the auth won't work.

3. **Q:** By “client_key”, do you mean `clientID` or `clientSecret`?

**A:** `clientID`
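
Review bot: Nothing in the visible changes shows the server-side handling for `openid_auth` and `google_auth` being removed or rejected together with these doc sections, so a deployment could still select an authentication method that is no longer documented. The only text change shown is the 65 deleted lines in `docs/install/configuring_authentication.md`. Please confirm that the same commit also drops `conf/net/auth/openid_auth.json.sample`, `www/json/connectionConfig.openid.json.sample` and the code that reads `conf/net/auth/google_auth.json`, or that the server fails closed when its configuration names one of these methods. It would also help to leave one short sentence in the doc saying that the two methods were removed, so operators who still have `client_key` or `ios_client_key` entries know they are no longer read.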