After Login Success API Calls using access token from Oauth2 providers #61

Open
afdecastro879 opened this issue Nov 22, 2017 · 2 comments

Comments

@afdecastro879
Contributor

I've been struggling a little bit finding a way to use the access token for after-login-success API calls to Github and Bitbucket providers. Is there a way I can use the access token, send it somewhere in my code to be saved?

I've seen that #8 seems to be the solution to this problem, using a post-login callback. Will this issue be solved in the short term? Does someone know a way I can actually do a workaround in the meantime? I'm also open to eventually making a contribution, but I don't know where or how to start. Any ideas?

Thanks a lot

@smancke
Member

smancke commented Nov 22, 2017

Hi @afdecastro879. There is currently no solution for that, and I will not have the time to implement it soon. So I would very much welcome a PR on it :)

I think it is rather simple to do a post login callback, but there are multiple possible ways to do this:

  1. Some global function to register some Go code, which is called after a successful login.
  2. An http-url which gets a POST
    (Since the second one could just be implemented using the first one, it's maybe better to consider it in a second step)

I would provide to the callback a rather big set of information:

  • The user object
  • The raw token
  • The result of a GET userprofile call from the upstream services
    Because this information looks different for every OAuth provider, I would not create special Golang structs for each provider, but just give the callback the raw JSON data.

The callback could be called in this line:
https://github.com/tarent/loginsrv/blob/fc82c689a6dcf178ae4786bf8cfcd3159da8bcc8/oauth2/manager.go#L61
Because we have the token there, the UserObject from the original implementation and the GetUserInfo already returns the rawUserJson parameter.

The callback also could return

  • a modified/extended user object and
  • a parameter, if the user should still be considered as authenticated

Further: to be consistent, it would be good to provide the callback functionality also for the non-OAuth login backends. For them, the callback could also be called here:
https://github.com/tarent/loginsrv/blob/fc82c689a6dcf178ae4786bf8cfcd3159da8bcc8/login/handler.go#L347

It would be very cool, if you get your hands on this! See the above just as an idea .. there may also be smarter solutions ..

@afdecastro879
Contributor Author

@smancke I just have the time again to look at this issue. I have some questions:

  1. When you say:
    "An http-url which gets a POST
    (Since the second one could just be implemented using the first one, it's maybe better to consider it in a second step)"
    Does it mean letting the user provide a URL to call once the authentication is complete? If that's the case, I think I can add a new directive to the Caddyfile like:

```
login {
   ...
   callback_url: <URL to call>
   ...
}
```

  2. I think it should be important to run the global callback function in another thread, something like:

```go
go callbackFunction()
return false, true, userInfo, err
```

So the callback does not become blocking if the callback operation takes too much time.

What do you think? Let me know so I can clarify the ideas around the issue and start getting my hands on this

Cheers
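
The callback contract discussed in this thread, as an added example (not loginsrv code and not either participant's implementation): the callback gets the user object, the raw token and the raw profile JSON, and returns a possibly modified user plus a "still authenticated" flag. Each callback runs in a goroutine with a bounded wait, since a callback whose result decides the login has to be waited for; timeouts and errors deny the login. `UserInfo`, `PostLoginCallback`, `RegisterPostLogin`, `RunPostLogin` and `NameFromProfile` are hypothetical names, and the token and profile in `main` are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

type UserInfo struct{ Sub, Name string } // stand-in for the project's user object (assumed fields)

// PostLoginCallback is a hypothetical signature: user object, raw token and raw
// provider JSON in; possibly modified user and a "still authenticated" flag out.
type PostLoginCallback func(u UserInfo, rawToken string, rawUserJSON []byte) (UserInfo, bool, error)

var callbacks []PostLoginCallback // filled through the global registration function
func RegisterPostLogin(cb PostLoginCallback) { callbacks = append(callbacks, cb) }

// RunPostLogin starts each callback in a goroutine but waits up to timeout for
// its answer. An error, ok=false or a timeout all deny the login (fail closed).
func RunPostLogin(u UserInfo, token string, raw []byte, timeout time.Duration) (UserInfo, bool, error) {
	type res struct { u UserInfo; ok bool; err error }
	for _, cb := range callbacks {
		ch := make(chan res, 1) // buffered, so a late callback can still send and exit
		go func(cb PostLoginCallback, in UserInfo) {
			nu, ok, err := cb(in, token, raw)
			ch <- res{nu, ok, err}
		}(cb, u)
		select {
		case r := <-ch:
			if r.err != nil || !r.ok {
				return UserInfo{}, false, r.err
			}
			u = r.u // later callbacks see the extended user object
		case <-time.After(timeout):
			return UserInfo{}, false, fmt.Errorf("post-login callback exceeded %s", timeout)
		}
	}
	return u, true, nil
}

func NameFromProfile(u UserInfo, _ string, raw []byte) (UserInfo, bool, error) { // sample callback
	var p struct{ Name string }
	err := json.Unmarshal(raw, &p) // copies "name" from the raw profile JSON
	return UserInfo{Sub: u.Sub, Name: p.Name}, err == nil, err
}

func main() {
	RegisterPostLogin(NameFromProfile)
	fmt.Println(RunPostLogin(UserInfo{Sub: "octocat"}, "constructed-token", []byte(`{"name":"Mona"}`), time.Second))
}
```

The raw token is passed to the callback only; nothing here logs or prints it.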
