Ubisoft OAuth integration #56

MKuijpers · 2021-07-28T09:34:56Z

Adds a "Login with Ubisoft" button to authenticate the user.

⚠ Requires .env changes! ⚠

OAuth requires you to create an application on api.trackmania.com:

Client:
NEXT_PUBLIC_CLIENT_ID=<CLIENT_ID from api.trackmania.com>

Server:
TM_API_CLIENT_ID=<CLIENT_ID from api.trackmania.com>
TM_API_CLIENT_SECRET=<CLIENT_SECRET from api.trackmania.com>

Flow Summary

Click "Login with Ubisoft"
Redirect to api.trackmania.com/... authentication URL
Login using Ubisoft credentials
Redirect back to <domain>/auth_redirect containing a code and state in query params
Send post request to TMDojo API /authorize endpoint
- Exchange access code for an access token
- Request user info
- Create a session for respective user
- Set HttpOnly sessionId cookie
- Respond with user info
Send back sessionId cookie with further requests for authentication
- Done using {withCredentials: true} config in axios (will create an axios interface with this default in a later PR)

New Endpoints

/authorize for first authentication
/logout to logout. Removes session and sends back a sessionId cookie with an age of -1 (instantly deletes cookie)
/me to fetch user information for the logged in user

vercel · 2021-07-28T09:34:58Z

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/bux42/tm-dojo/hswTALSAgqDCjsK4U98hrUcwHAwv
✅ Preview: https://tm-dojo-git-ubi-auth-bux42.vercel.app

davidbmaier

Looks good for the most part, just a few minor things 👍

app/components/common/UserDisplay.tsx

app/components/landing/InfoCard.tsx

app/lib/api/auth.ts

server/lib/db.js

davidbmaier · 2021-07-28T20:15:54Z

server/lib/db.js

+    const sessions = db.collection('sessions');
+    const sessionId = uuid();
+    await sessions.insertOne({
+        sessionId,


Not something we have to do right now, but I wonder if we should store the hash of the secret instead of the real session. Obviously that means we'd also have to change the validation when requests come in - let me know what you think.

server/middleware/auth.js

server/lib/authorize.js

MKuijpers added 10 commits July 25, 2021 17:31

Add trackmania login button and URL

aab5d38

Add basic TM token exchange and connect front-end

3efcd85

Add session secrets and storage of sessions

8254741

Add session deletion and proper logout requests

f3f6030

Use HttpOnly cookie for session

a5fa7eb

Rename sessionSecret to sessionId

2dd5c7d

Store user info in AuthContext

7cab746

Logout and update user using AuthContext

64a3bd9

Add user auth middleware on server

d00a24e

Remove unnecessary TODOs

8b4010f

MKuijpers added 2 commits July 28, 2021 12:04

Remove Check Auth button

a83c9e9

Move UserDisplay to common components

aa18353

vercel bot deployed to Preview July 28, 2021 10:05 View deployment

User router.back() instead of redirecting to the homepage

e3ff8a4

vercel bot deployed to Preview July 28, 2021 10:16 View deployment

Add login button on map page

06b57bd

vercel bot deployed to Preview July 28, 2021 10:27 View deployment

Add proper redirects after login

860e8b2

vercel bot deployed to Preview July 28, 2021 17:58 View deployment

Add and check random state in auth URL

1535b73

vercel bot deployed to Preview July 28, 2021 18:14 View deployment

Remove state after retrieving it + add log for invalid state

01fc4c4

vercel bot deployed to Preview July 28, 2021 18:22 View deployment

Open ubisoft auth in new window

2d01b33

vercel bot deployed to Preview July 28, 2021 18:51 View deployment

MKuijpers added 2 commits July 28, 2021 21:21

Move auth popup window code into UserDisplay component

ba2ee69

Extract and clean window popup code

70090f4

vercel bot deployed to Preview July 28, 2021 19:37 View deployment

MKuijpers requested a review from davidbmaier July 28, 2021 19:45

davidbmaier requested changes Jul 28, 2021

View reviewed changes

General code cleanup based on PR comments

50ad48e

vercel bot deployed to Preview July 29, 2021 09:29 View deployment

MKuijpers added 2 commits July 29, 2021 11:41

Update depricated client check

fc3a3c7

Replace deprecated querystring with URLSearchParams

2ddc7cb

vercel bot deployed to Preview July 29, 2021 09:49 View deployment

Change 'next(); return;' to 'return next();'

24a28ab

vercel bot deployed to Preview July 29, 2021 09:55 View deployment

Remove HttpOnly and check sessionId cookie for /me requests

bf5053c

vercel bot deployed to Preview July 29, 2021 14:35 View deployment

Refactor auth flow code and simplify window opening

aa5d2b2

vercel bot deployed to Preview July 29, 2021 14:58 View deployment

Add return at the end of async function (thanks linter)

7f15824

vercel bot deployed to Preview July 29, 2021 15:04 View deployment

davidbmaier approved these changes Jul 30, 2021

View reviewed changes

MKuijpers merged commit 6e2984d into staging Jul 30, 2021

MKuijpers deleted the ubi-auth branch July 30, 2021 10:52

MKuijpers mentioned this pull request Jul 30, 2021

[Update main] OAuth, default order, and refresh button #57

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ubisoft OAuth integration #56

Ubisoft OAuth integration #56

MKuijpers commented Jul 28, 2021 •

edited

Loading

vercel bot commented Jul 28, 2021 •

edited

Loading

davidbmaier left a comment

davidbmaier Jul 28, 2021

Ubisoft OAuth integration #56

Ubisoft OAuth integration #56

Conversation

MKuijpers commented Jul 28, 2021 • edited Loading

⚠ Requires .env changes! ⚠

Flow Summary

New Endpoints

vercel bot commented Jul 28, 2021 • edited Loading

davidbmaier left a comment

Choose a reason for hiding this comment

davidbmaier Jul 28, 2021

Choose a reason for hiding this comment

MKuijpers commented Jul 28, 2021 •

edited

Loading

vercel bot commented Jul 28, 2021 •

edited

Loading