SDK SSO Login Refresh Token #22427
NilsBaumgartner1994
started this conversation in
Feature Requests
Replies: 1 comment
Current hacky solution to pass
Create custom endpoint:
Summary
So as of #21239 the SSO login method changed to session by default:
How to revert this? Or how can I log in in my native app via SSO using the SDK?
My current approach was to redirect to the app, passing a refresh_token, which is currently no longer possible since I only get the "directus_session_token"?
Maybe also consider updating the docs: https://docs.directus.io/reference/authentication.html#request
to add a hint that SSO has a different mode.
Basic Example
No response
Motivation
The support for SSO login in native apps is rising as of multiple issues listed.
Detailed Design
As there is a security issue exposing the token in the URL, I would propose to add a whitelist of allowed redirects with the refresh_token exposed in the URL, so that native apps using deep links can access it.
An in-app browser is also not a secure option, as it could be mocked.
Requirements List
Must Have:
Could Have:
Drawbacks
Alternatives
Adoption Strategy
Unresolved Questions
No response