Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Post login callbacks #8

Open
smancke opened this issue May 4, 2017 · 5 comments
Open

Post login callbacks #8

smancke opened this issue May 4, 2017 · 5 comments
Labels
enhancement

Comments

@smancke
Copy link
Member

smancke commented May 4, 2017

It would be great to support a configurable callback after a successful login:

  • As go function, which could be registered
  • As http endpoint

The callback should be receive the following data:

  • claim data
  • the raw user data from the oauth provider
  • The access token from the oauth provider

A callback should be able to return a modified claim data object.
@jgillich
Copy link

jgillich commented Jun 2, 2017
edited

I think using a plugin architecture is a more universal and efficient approach here. In billstack, I'm currently calling stripe at a few places:

  • At login, to extend the claims
  • At signup, to create a customer along with the cc token
  • When updating user information, to update the cc token

In addition to that, there are payment specific endpoints (e.g. to subscribe to a plan, or to add credits). By going the callback route, not only would you have payment specific data in loginsrv calls, you would also need a separate service that provides the and other payment endpoints. Simply going the route of a payment plugin would be both easier in design and also faster.

There could of course also be other use cases for plugin other than payments. For example, if you wanted a http endpoint, you could easily create a plugin for it.

Maybe I wrote all this for nothing because "go function" already implies a plugin architecture, who knows. 😄

@smancke
Copy link
Member Author

smancke commented Jun 2, 2017

@jgillich In fact I plan to have both:

  1. a hook, where you can register a custom function to be called after the login
  2. a simple default implementation for that hook, calling a http endpoint

@magikstm
Copy link
Contributor

I may use these hooks for a "password sharing detection" plugin.

After 5 or 10 logins from different IPs within a set amount of time (maybe 24h) it would mark that account as "potentially shared" and return an html page notifying the user. I may need that eventually with htpasswd.

@smancke
Copy link
Member Author

smancke commented Jun 19, 2017

ok, cool, nice idea.
I will definitely implement this 'post login callback' feature, since I will need it by my self, also. But it will take 2-4 weeks, until I come to that.

@jgillich
Copy link

jgillich commented Jun 19, 2017
edited

Just to clarify, the ability to register custom functions (1.) is going to be implemented using plugins? We probably meant the same and just used different terminology.

@smancke smancke mentioned this issue Jul 26, 2017
Closed
@smancke smancke mentioned this issue Aug 25, 2017
Closed
@afdecastro879 afdecastro879 mentioned this issue Nov 22, 2017
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jgillich @smancke @magikstm