Comments (11)
@zburgermeiszter I'm interested in adding GitHub authentication. Do you think it'd be possible with the method you suggested?
from staticman.
Still not sure how this would work. Normally, these third-party services implement an OAuth flow that sends an access token back to the host site. Who would be the host site here? It can't be the client's static site, so it'd have to be Staticman. But what do we do with that access token? We don't store any data on our service, so not sure how this would work.
Any further thoughts?
from staticman.
You don't need to store the token.
You can pass it to the client to store it in a cookie. If you want, you can encrypt it with the previously suggested asymmetric encryption.
Then when the visitor sends the comment it also sends the cookie with the token that you can decrypt and pull user details (name, email) from the OAuth provider.
Source: https://jacada.zendesk.com/hc/en-us/article_attachments/200674926/secureinteractionflow.png
from staticman.
I also found some thoughts about how to implement this on a Single Page Application.
Authentication in Single Page Applications
It might help us in the future.
from staticman.
I realized it is enough to play through the authentication until the callback where Staticman receives a user profile object which can be encrypted in a cookie with the Staticman public key.
It is not needed to store the token on the service because it does not need to communicate with the user provider after pulling the profile details.
When users make changes to their social profile, they can update the encrypted cookie contents with the fresh data from the social network.
Let me know when you are done with the encryption integration and I'll try to integrate my proof-of-concept code to it and send a PR.
from staticman.
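The stateless profile cookie described in the comment above, as an added Node.js example that is not part of the thread or of the proof-of-concept repository. It swaps in AES-256-GCM under a server-only key for the public-key encryption the comment mentions, because a value encrypted to a public key can be produced by anyone who holds that key, while an authenticated cookie lets the service reject profiles it did not issue. `SERVER_KEY`, `MAX_AGE_MS`, `sealProfile` and `openProfile` are hypothetical names.

```javascript
const crypto = require('node:crypto');

// Assumption: a 32-byte key known only to the server. It is generated per run
// here; a deployment would load it from secret storage.
const SERVER_KEY = crypto.randomBytes(32);
const MAX_AGE_MS = 24 * 60 * 60 * 1000; // hypothetical cookie lifetime

// Seal the profile object received in the OAuth callback into a cookie value.
// Layout: 12-byte nonce | 16-byte GCM tag | ciphertext, base64url encoded.
function sealProfile(profile, key = SERVER_KEY, now = Date.now()) {
  const iv = crypto.randomBytes(12); // fresh nonce for every cookie
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = JSON.stringify({ profile, iat: now });
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Open the cookie sent along with a comment. Returns the profile, or null
// when the value is malformed, forged, modified or older than MAX_AGE_MS.
function openProfile(cookie, key = SERVER_KEY, now = Date.now()) {
  try {
    const raw = Buffer.from(String(cookie), 'base64url');
    if (raw.length < 12 + 16 + 1) return null;
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    // final() throws if the tag does not match the key, nonce and ciphertext
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const { profile, iat } = JSON.parse(pt.toString('utf8'));
    if (typeof iat !== 'number' || iat > now || now - iat > MAX_AGE_MS) return null;
    return profile;
  } catch {
    return null; // tag mismatch or invalid JSON
  }
}

// Constructed sample profile, not real data.
const sample = { provider: 'github', name: 'Example User', email: 'user@example.com' };
console.log(openProfile(sealProfile(sample)));
```

Because the issue time is inside the authenticated payload, the lifetime is enforced by the server and does not depend on the cookie's own expiry attribute.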
Cool! I probably won't have the capacity to look into it before the weekend. Will let you know once I do.
from staticman.
After receiving an OAuth token, it is also possible to post something to the user's wall.
So they can tweet or post to their FB wall what they have commented, with a short link, which generates more inbound traffic for the blogs and some statistical data for the short URL owner, which is possibly the Staticman service owner.
from staticman.
I created a proof-of-concept code for this feature request.
Have a look at it and let me know your thoughts.
https://github.com/zburgermeiszter/passport-stateless-oauth
from staticman.
Just having another look into this. I'm not keen on adding too much complexity to the platform, to be honest. Especially considering that the amount of time I can afford to dedicate to maintaining the project is quite limited, I want to keep the beast easy to tame.
Happy to revisit in the future.
Thanks!
from staticman.
@eduardoboucas, yes; see https://github.com/zburgermeiszter/passport-stateless-oauth/blob/dev/service/package.json#L9 and https://www.npmjs.com/package/passport-github2
from staticman.
Any update on GitHub authentication?
from staticman.