Allow Specifying redirect URI #1177

Open
kevincox opened this issue Apr 8, 2020 · 1 comment

kevincox commented Apr 8, 2020

Right now the redirect URI is "hardcoded" to the current page (unless you are Cordova). This is very inconvenient as OAuth providers such as Google restrict the redirect URI to an exact hardcoded path. This effectively means that you must run the login widget from one of the pages that you have whitelisted. Note that this is at odds with how the remotestorage-widget works, which will trigger a login flow on any page.

Example use case:

  • User goes to /item/4298.
  • In order to see that item they need to log in.
  • This is an error because the redirect URI is not /item/4298.

I have a hacky workaround here:

```js
import RemoteStorage from "remotestoragejs";
import * as store from 'svelte/store';

import RecipeDb from "./db.js";

class MyRemoteStorage extends RemoteStorage {
  authorize(options) {
    // Mostly copy-pasted from the super method.

    this.access.setStorageType(this.remote.storageApi);
    if (typeof options.scope === 'undefined') {
      options.scope = this.access.scopeParameter;
    }

    // Note that in order to direct the user back to the page they started the login from I need to save the original path.
    let uri = `${location.pathname}${location.search}${location.hash}`;
    // Then I set the redirect URI to the dedicated receiver endpoint.
    options.redirectUri = `${location.origin}/oauth#!${encodeURI(uri)}`;

    RemoteStorage.Authorize(this, options);
  }
}
```

Note that there are two things to solve here.

  1. Use a stable redirect URI.
  2. Allow the app code to provide enough information to preserve state before login.

raucao commented Apr 9, 2020

> Allow the app code to provide enough information to preserve state before login.

It is actually possible to use the OAuth state parameter for this. I don't see this documented as public API for remoteStorage.connect(), so we may have to add this as an optional argument to the connect function. It could then also be added as a config option to the widget add-on, so it calls connect with the correct arguments. The same could be done for the redirect URI. I think both are good additions.
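
The two points raised in this thread (a stable redirect URI, and the pre-login page carried in the OAuth `state` parameter) can be sketched as follows. This is an added example, not code from the thread or from remotestorage.js: `buildAuthParams`, `resolveReturnPath` and the `app.example` origin are hypothetical, and `/oauth` is the receiver path from the workaround above. Because `state` comes back from outside the app, the receiver only accepts a same-origin path and otherwise falls back to `/`.

```javascript
// Added example: hypothetical helpers, not part of remotestorage.js.
const RECEIVER_PATH = "/oauth"; // the one redirect URI registered with the provider

// Constructed sample standing in for window.location on the page from the issue.
const SAMPLE_LOCATION = {
  origin: "https://app.example", pathname: "/item/4298", search: "?tab=2", hash: "#notes",
};

// Before login: fixed redirect URI, plus a state value naming the page to return to.
function buildAuthParams(loc) {
  const returnTo = `${loc.pathname}${loc.search}${loc.hash}`;
  return {
    redirectUri: `${loc.origin}${RECEIVER_PATH}`,
    state: encodeURIComponent(JSON.stringify({ returnTo })),
  };
}

// On the receiver page: decode state and accept only a path on our own origin.
function resolveReturnPath(state, origin) {
  let returnTo;
  try {
    returnTo = JSON.parse(decodeURIComponent(state)).returnTo;
  } catch {
    return "/"; // malformed encoding or JSON
  }
  if (typeof returnTo !== "string" || !returnTo.startsWith("/")) return "/";
  // Browsers treat "//host" and "/\host" as a different host, not a path.
  if (/^\/[\/\\]/.test(returnTo)) return "/";
  let url;
  try {
    url = new URL(returnTo, origin);
  } catch {
    return "/";
  }
  if (url.origin !== origin) return "/";
  if (url.pathname === RECEIVER_PATH) return "/"; // never bounce back to the receiver
  return `${url.pathname}${url.search}${url.hash}`;
}
```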
