Support SSO (Single Sign-On) #64
Merged
lebaudantoine force-pushed the sso branch 5 times, most recently from e3897c5 to 8d603a9 on July 25, 2024 13:47
Woopsi. I forgot to update the package description while bootstrapping the project. Fixed!
mozilla-django-oidc now supports a 'returnTo' parameter for redirecting to a specific URL upon successful login. If not provided, it defaults to the settings-defined URL. This allows initiating the login flow from any view, enhancing UX by returning users to their previous page. The 'returnTo' naming can be discussed.
Silent login attempts to re-authenticate the user without interaction, provided they have an active session, improving UX by reducing manual auth. It's an essential feature to really feel the SSO in La Suite. A new query parameter, 'silent', allows the client to initiate a silent login. In this flow, an extra parameter, 'prompt=none', is passed to the OIDC provider. The requested flow is persisted in session data to adapt the authentication callback behavior. In a silent login flow, an authentication failure should not be considered a real failure. Instead, users should be redirected back to the originating view. A silent login fails when the user has no active session. Why return the 'success_url'? The 'success_url' will redirect the user agent to the 'returnTo' parameter provided when requesting authentication. It's necessary to enable a silent login on any URL. Minimal test coverage has been added for these two custom views to ensure correct behavior.
Enhanced the authentication URL generation to support 'silent' and 'returnTo' query parameters. This allows initiating a silent login and specifying a custom return URL after auth.
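The commit messages above describe the flow in words. The following is an added example written for this page, not code from the PR, from La Suite, or from mozilla-django-oidc: it models the same two steps in plain Python with a dict standing in for the Django session, so it runs without Django. The authorization endpoint, client id, redirect URI, session key names and the same-origin check applied to 'returnTo' are assumptions of the example, not details taken from the PR.

```python
"""Model of the 'silent' / 'returnTo' OIDC flow described in the PR (added example).

Assumed, not from the PR: endpoint values, session key names, and the rule that
'returnTo' must be a same-origin path (a redirect target taken from the query
string should never be followed unchecked).
"""
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed settings standing in for the Django settings / OIDC configuration.
OIDC_OP_AUTHORIZATION_ENDPOINT = "https://idp.example.test/authorize"
OIDC_RP_CLIENT_ID = "example-client"
OIDC_REDIRECT_URI = "https://app.example.test/oidc/callback"
LOGIN_REDIRECT_URL = "/"  # the settings-defined default 'returnTo'


def safe_return_to(return_to, default=LOGIN_REDIRECT_URL):
    """Accept only a relative, same-origin path; otherwise fall back to the default.

    This check is an assumption of the example: anything with a scheme or host
    (including protocol-relative '//host/...') is rejected.
    """
    if not return_to:
        return default
    parsed = urlparse(return_to)
    if parsed.scheme or parsed.netloc or not return_to.startswith("/"):
        return default
    if return_to.startswith("//"):
        return default
    return return_to


def build_authentication_request(session, return_to=None, silent=False):
    """Step 1: persist the requested flow in the session and build the provider URL.

    'silent' adds prompt=none so the provider must answer without user interaction.
    """
    state = secrets.token_urlsafe(16)
    session["oidc_state"] = state
    session["oidc_silent"] = bool(silent)
    session["oidc_return_to"] = safe_return_to(return_to)
    params = {
        "response_type": "code",
        "client_id": OIDC_RP_CLIENT_ID,
        "redirect_uri": OIDC_REDIRECT_URI,
        "scope": "openid email",
        "state": state,
    }
    if silent:
        params["prompt"] = "none"
    return f"{OIDC_OP_AUTHORIZATION_ENDPOINT}?{urlencode(params)}"


def query_params(url_or_query):
    """Return the query parameters of a URL (or bare query string) as single values."""
    query = urlparse(url_or_query).query if "://" in url_or_query else url_or_query
    return {key: values[0] for key, values in parse_qs(query).items()}


def handle_callback(session, query):
    """Step 2: decide what the callback does; returns an (action, target) pair.

    - state mismatch: always a failure.
    - provider error in a silent flow (e.g. no active session): not a real
      failure, send the user agent back to the stored 'returnTo'.
    - provider error in an interactive flow: a real failure.
    - authorization code present: proceed to login and redirect to 'returnTo'
      (the code-for-token exchange needs the provider's token endpoint and is
      outside this offline model).
    """
    params = query_params(query)
    if params.get("state") != session.get("oidc_state"):
        return ("failure", "state mismatch")
    return_to = session.get("oidc_return_to", LOGIN_REDIRECT_URL)
    if "error" in params:
        if session.get("oidc_silent"):
            return ("redirect", return_to)
        return ("failure", params["error"])
    if "code" not in params:
        return ("failure", "missing code")
    return ("login", return_to)


if __name__ == "__main__":
    sess = {}
    url = build_authentication_request(sess, return_to="/docs/42", silent=True)
    print(url)
    print(handle_callback(sess, f"error=login_required&state={sess['oidc_state']}"))
```

The interesting branch is the silent one: a `login_required` error from the provider is exactly what a silent attempt produces when the user has no session at the identity provider, and the model turns it into a redirect back to the originating page instead of an error page, which is what the commit message asks for.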
Thanks Antoine for this! Should be better now visually. Can you try again @lebaudantoine?
This commit is totally work in progress. @manuhabitela the floor is yours. If the user is logged out, try to silently log her in every hour, to avoid any manual login on her side. The one hour value has been discussed with @manuhabitela, but there is no real logic behind it. Could definitely be shorter or longer. It needs at least to be longer than the average silent login flow to avoid locking the user-agent in an infinite redirection loop.
The issue was we returned the fetchUser promise to react query too early (before the browser reloaded the page). Now we make sure react query doesn't get the info
Purpose
Offer SSO to our users.
Proposal
It closes #26. Take a look at the ticket 👀
Cleaned the POC discussed in #32, and added some tests on the backend.
Feel free to drop my last commit and build the frontend as you want. I encountered a "blinking" issue and suggest that we intercept all routes with an authentication middleware on the frontend. This middleware could display a loading spinner until we can confirm the user's login status.
Edit: your commit would probably fix the blinking issue.
Edit 2: It did not