
[backend] Redirect user to frontend with challenge token after login

Open qbey opened this issue 3 years ago • 1 comments

Purpose

To allow frontend authentication once it becomes a single page application, we need to provide a new authentication loop.

Proposal

The authentication is still made using the Django pages, except at the end, the user is redirected to a "frontend" view with a challenge token. The frontend can then make a request to the backend's API to get a real access token (and maybe later, a pair of access token and refresh token).

  • [x] add new kind of challenge JWT
  • [x] add redirect view to the frontend with a challenge token argument (and use it as the "Django" login redirect view).
  • [x] add API endpoint for challenge to access token conversion
  • [ ] add tests

qbey avatar Jul 21 '22 16:07 qbey

@sampaccoud this is only a draft for now, I didn't even run the linter on it ^^' I will probably rewrite this when the other work to clean JWT use in code is done.

qbey avatar Jul 25 '22 07:07 qbey

The challenge token has a lifetime of 60 seconds, but shouldn't it be invalidated in case of a challenge success? (Currently within these 60 seconds, the challenge can be resolved multiple times.)

RVassili avatar Sep 23 '22 12:09 RVassili

> The challenge token has a lifetime of 60 seconds, but shouldn't it be invalidated in case of a challenge success? (Currently within these 60 seconds, the challenge can be resolved multiple times.)

Yes, to be added in another PR, see issue https://github.com/openfun/marsha/issues/1727

qbey avatar Sep 26 '22 13:09 qbey
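
The single-use question raised in this thread, as an added example that is not marsha's code: a 60-second challenge token that can be exchanged only once. The function names, the `token_type` claim, the in-memory `_used_jti` store and the hand-rolled HS256 signing (standard library only, in place of a JWT library) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-key"  # constructed; a real service loads its key from settings
CHALLENGE_TTL = 60                # seconds, the lifetime mentioned in the thread
_used_jti = {}                    # jti -> exp; stands in for a shared cache or DB table


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())


def issue_challenge(user_id, now=None):
    """Build an HS256 JWT typed as a challenge, with a unique jti and a short exp."""
    now = time.time() if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"token_type": "challenge", "sub": user_id,
              "jti": secrets.token_hex(16), "exp": int(now) + CHALLENGE_TTL}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"


def redeem_challenge(token, now=None):
    """Return the user id once; raise ValueError for bad, expired or replayed tokens."""
    now = time.time() if now is None else now
    header, body, sig = token.split(".")  # wrong part count raises ValueError
    # The algorithm is fixed server-side; the token's own "alg" header is never trusted.
    if not hmac.compare_digest(sig.encode(), _sign(header + "." + body).encode()):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims.get("token_type") != "challenge":
        raise ValueError("not a challenge token")
    if now >= claims["exp"]:
        raise ValueError("expired")
    # Forget identifiers whose tokens can no longer pass the exp check.
    for jti in [j for j, exp in _used_jti.items() if exp <= now]:
        del _used_jti[jti]
    # Check-then-set is not atomic; with several workers use an atomic insert
    # in the shared store (for example Django's cache.add) instead.
    if claims["jti"] in _used_jti:
        raise ValueError("challenge already used")
    _used_jti[claims["jti"]] = claims["exp"]
    return claims["sub"]
```

The API endpoint would issue the real access token only when `redeem_challenge` returns, so a challenge captured from the redirect URL is worthless after its first exchange.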