osm-auth icon indicating copy to clipboard operation
osm-auth copied to clipboard
verified publisher icon osmlab

Notification on authentication status change

Open nyurik opened this issue 8 years ago • 3 comments

Is there an way to track when authentication status changes? For example, if during a request, authentication changes from non-authenticated to authenticated, it would be good to call my event handler. Also, it should be called if client had to re-login (possibly under different credentials) during the request handling.

My goal is to update UI if login status has changed.

Thanks!

nyurik avatar Nov 04 '17 21:11 nyurik

Yes, when you create the osmAuth object, you can pass it an options hash with optional loading and done properties - these are callback functions that will be called when the authentication begins and completes. https://github.com/osmlab/osm-auth#api

Looking at how this works in the iD source code might be helpful too..

bhousel avatar Nov 04 '17 21:11 bhousel

@bhousel thanks for the quick answer! My concern is handling the "user switching". For example, if the user revokes the token, and afterwards attempts to make an authenticated request, how would I detect that? Also, what happens if the user closes the authentication popup, instead of authenticating - is there a way to handle that? Thanks for the code link, studying it now.

nyurik avatar Nov 04 '17 21:11 nyurik

My concern is handling the "user switching". For example, if the user revokes the token, and afterwards attempts to make an authenticated request, how would I detect that?

I think if the tokens are revoked the OSM API will return an error, as long as your app is using oauth.xhr to make requests. The request will be signed with an invalid token and the OSM API should return 401 Unauthorized, or something like that. See iD's loadFromAPI method where we handle all this. The method will logout (i.e. remove oAuth secrets) and retry the request.

Also, what happens if the user closes the authentication popup, instead of authenticating - is there a way to handle that? Thanks for the code link, studying it now.

Looks like this library don't do it yet: https://github.com/osmlab/osm-auth/blob/31494a589a6cf61197f6e98f863503c2b5615bc1/index.js#L31-L32

I guess we'd need to add an event handler for that popup page and add a cancelled callback to the options that could get called if the user closes the popup before the authentication completes.

bhousel avatar Nov 05 '17 16:11 bhousel