feat: UI Auth/Login #41
Conversation
…into hooks-cleanup * 'hooks-cleanup' of https://github.com/flipt-io/flipt-ui: chore(deps-dev): bump prettier-plugin-organize-imports (#28)
* main: fix(fetch): pass credentials: include (#6) chore: rename error hook; cleanup (#31) chore(deps-dev): bump prettier from 2.8.2 to 2.8.3 (#29) chore(deps-dev): bump @typescript-eslint/eslint-plugin (#34) chore(deps-dev): bump @typescript-eslint/parser from 5.48.1 to 5.48.2 (#35) chore(deps-dev): bump eslint from 8.31.0 to 8.32.0 (#30) chore(deps-dev): bump eslint-plugin-react from 7.32.0 to 7.32.1 (#33) chore(deps-dev): bump eslint-plugin-import from 2.27.4 to 2.27.5 (#32)
* main: feature: Validate distributions (#37)
* 'login' of https://github.com/flipt-io/flipt-ui: chore(deps): bump react-router-dom from 6.6.2 to 6.7.0 (#39) chore(deps-dev): bump @types/react from 18.0.26 to 18.0.27 (#40) chore(deps): bump swr from 2.0.0 to 2.0.1 (#38)
src/app/auth/Login.tsx
Outdated
| }, [setError]); | ||
|
|
||
| useEffect(() => { | ||
| loadAvailableProviders(); |
There was a problem hiding this comment.
This seems like it would cause an endless loop of loading providers?
There was a problem hiding this comment.
i checked with console.log it only calls once, I'm wondering if its because its wrapped in a useCallback?
There was a problem hiding this comment.
Could this be because you're passing the loadAvailableProviders function as an arg below?
useEffect docs suggest the second argument is compared between each render.
If it doesn't change then the first argument function is not called again.
Seems to me that function will never change. Or maybe there is some overloaded alternative behaviour when a function is passed as second arg.
Seems you could also pass [] for the same effect:
https://reactjs.org/docs/hooks-effect.html#tip-optimizing-performance-by-skipping-effects
There was a problem hiding this comment.
It seems like more often than not you want state in your dependencies array passed to useEffect.
There are cases where you might pass a function. Though that seems to be when they're defined out of scope:
https://reacttraining.com/blog/when-to-use-functions-in-hooks-dependency-array/
(I admit as I kept reading this I started to glaze over and maybe missed something key)
* main: chore: change doc icon (#42)
|
@markphelps I didn't realize it was This does mean continued used of things like |
src/types/Auth.ts
Outdated
| 'io.flipt.auth.oidc.email': string; | ||
| 'io.flipt.auth.oidc.email_verified': string; | ||
| 'io.flipt.auth.oidc.name': string; | ||
| 'io.flipt.auth.oidc.picture'?: string; | ||
| 'io.flipt.auth.oidc.provider': string; |
There was a problem hiding this comment.
Would be good to explore this with different requested scopes.
I see picture is required. However, I think technically they all could be required.
Since you can configure Flipt with no scopes (apart from the oidc scope which is required) and we can authenticate them but obtain next to no information.
Which, I think, is good. It is a feature the operator can decide on.
Adds OIDC login support to the UI 🎉
Fixes: FLI-70
Supported by: flipt-io/flipt#1279
DEMO: https://imgur.com/a/jUHFHJO
Auth Checks
flipt) via the newSessionProvideranduseStorage/useSessionhooks/meta/infoendpoint on the API. if the API returns an error (likely 401), then auth is required, so we'll redirect to the/loginpage/meta/infoand store that in the session and continue onLogin
authorizationURLconfigured in the Flipt ServerAPI Calls
credentials: includeoption. This ❓ should we change tosame-origininstead? it looks like this is actually the defaultUser Profile
Logout
/v1/auth/expire/loginagain.TODO
same-origininstead ofincludefor credential forwardingFuture Improvements