Comments (14)
I would love to see this implemented - if there is a chance of it being merged, I can likely create a pull...
@bbangert thoughts?
from velruse.
There is a different context for each provider(FacebookAuthenticationComplete, TwitterAuthenticationComplete, etc.), so you can attach different Pyramid views to different contexts, if you are using velruse as a Pyramid plugin. Something like:
@view_config(context='velruse.FacebookAuthenticationComplete'..)
def view(request):
pass
from velruse.
@jayd3e - I think we are talking about different kinds of context...
I need to be able to store arbitrary data before redirecting the user, and then receive it when the user arrives back.
I'm suggesting support for, for example, OAuth2's 'state' parameter described in section 4.1.1 of the OAuth2 spec.
from velruse.
Gotcha. Yah, in my apps I would likely store that kind of information in the session, and then remove those variables once authentication is complete. I'll have to take a look at OAuth2's 'state' parameter though, as it would be nice if velruse supported the full spec.
from velruse.
Velruse would probably store this information in the session. It tends to use the state parameter for CSRF checks to validate the authentication. With that in mind, I'm not sure how much velruse should do here versus you just storing the data in the session before redirecting to the velruse login endpoint. Thoughts?
from velruse.
FWIW this is similar to #55
from velruse.
I'm using velruse as a Pyramid app. In the old velruse, it was very convenient to pass endpoint as a parameter which is POSTed to velruse provider form handler. Later, when velruse receives the response from provider, it would redirect to the endpoint given as the parameter during the first POST.
That being said, one option for the new velruse providers would be to take some "context" parameter during the initial POST. Save it to session under uuid-like key that is received from the provider as the "state" parameter (so as to allow for simultaneous auth transactions). And then in auth_complete_view take the "context" from session and pass it to the endpoint url.
Would that work? Does anyone have better options in mind?
from velruse.
Of course, overriding the endpoint (that is now taken from config) for an individual form would also be nice.
from velruse.
I had not considered simultaneous auth transactions for a single user to be a priority.
from velruse.
@sontek What do you think about just adding a user_data
parameter to the login forms. This would update the authentication context to contain profile
, credentials
, and user_data
. This parameter could be anything you want it to be. A json-encoded string, encrypted, signed, whatever. To velruse it'll just be a key shuffled around. I'm not sure user_data
is a good name, maybe custom_state
?
from velruse.
Another option is to hook into Pyramid's event system. Basically when the login view is invoked it could emit an event containing the request
, the provider name/type and give you a chance to store information in the session.
from velruse.
I guess something like user_data
in login forms would work for me.
from velruse.
@sontek would the solution proposed by @mmerickel work for you? Do you have other ideas?
from velruse.
@mmerickel @naktinis This would work for me.
from velruse.
Related Issues (20)
- Error in OpenId connection HOT 2
- Wrong authentication complete class for OpenID HOT 3
- Google_oauth2 failure
- Before and after login events HOT 3
- Get email from linkedin and make routes consistent with other providers HOT 6
- data['email'] raises KeyError with velruse.google.scope = 'opend profile' HOT 2
- Recent Twitter error -- data['utc_offset'] float conversion. HOT 2
- Missing make_velruse_app function HOT 1
- Review routes for bitbucket
- is it better not to extract resp from proivder in callback()?
- Problems after linkedin provider migrated to oauthlib HOT 1
- Valid exceptions during provider login causes unrecoverable exception
- ThirdPartyFailure is raised when something gows wrong with provider, but there's no way to catch it. HOT 1
- Window's Live ID authentication isn't working
- Google is deprecating and shutting down OpenID support
- Can Velruse work with Traversal route HOT 1
- Link in repo description redirects
- Facebook Login is broken: KeyError: 'access_token' HOT 4
- FB Oauth2 URL has changed HOT 1
- Live OAuth URLs have changed.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from velruse.