
How to make auto Anonymous login with username from my page

Open ssubara opened this issue 4 years ago • 9 comments

Is it possible to use the username from my portal for Anonymous login on Remark42? I want my user to auto login on Remark when the user is signed in on my page. Remark is running on another domain. Please help! Thanks

ssubara, Jul 23 '20 18:07

@akellbl4 @paskal @Mavrin - any ideas? Probably some JS magic to call a GET from the iframe, but I'm not sure if this is possible.

umputun, Jul 23 '20 18:07

Please, I tried with a cookie... but without success. I can't create a cookie from one domain to another. I feel that there can be some way, but I didn't find it... @akellbl4 @paskal @Mavrin I hope that you can help me with this idea.

ssubara, Jul 23 '20 19:07

Sorry, I skipped the issue. @umputun I think we are not able to integrate login from the frontend side. I think it should be like this: the user logs in on the main site, the main site makes a server-to-server request to remark and remark emits a token, then the site could set a cookie with access on the subdomain with the mask .example.com. With this type of auth we can hide the user block, and the login button will emit an event to the parent window (the site) about a click on it, and this click could be handled by it. I hope my description of the login process is clear.

akellbl4, Jan 08 '21 21:01

Let me see if I got the idea - so the user logs in to example.com (main site). Something on this side hits a trusted "direct login" url (go-pkgz/auth supports such direct auth) like remark42.example.com/direct_login and gets back a cookie and xsrf header. But I don't really get what's next. Let's say example.com sets the cookie for the site and, if domain/subdomain match, it will be used by remark42, at least in theory. However, what next? How will all of this deal with token refreshes? How to deal with logouts?

Generally, this request is about some limited form of SSO, and I don't have a good idea how to make it work painlessly.

umputun, Jan 08 '21 21:01

An alternative solution would be to put a proxy in front of both the main site and the remark site and delegate all auth to this proxy. It will pass login info (user name) to upstream as a header.

umputun, Jan 08 '21 21:01

You got it. Refreshes could be done by the frontend, because when the user is logged in the remark frontend could send a request to the remark backend and the backend will handle this thing. We just need to add an API for the login event on the site, and then the remark iframe will be reloaded and remark could handle all of it by itself. Logout should be synchronized on the site and remark in terms of token lifetime. Also, for logout the site backend will be used, which could clear cookies.

This request is something I thought about not long ago. If someone has a site with its own auth, it could be a problem to use standalone comments because they have their own auth, and it could be one of the biggest advantages of Remark in comparison with other comment systems.

akellbl4, Jan 08 '21 22:01

Getting the frontend involved in auth logic won't be my first choice. Anyway, I'll play with both ideas, i.e. proxy and service-to-service direct auth, in order to keep it all handled by the server. Maybe you're right and the only thing we actually care about is the initial login. From this moment everything may continue to work the same way as today, i.e. directly from the remark42 iframe.

umputun, Jan 08 '21 23:01

Hey! Jumping on this thread as SSO is also a feature I would like to implement.

Regarding the existing API and demo website, it seems that doing a

GET https://demo.remark42.com/auth/anonymous/login?site=remark&user={USERNAME_FROM_YOUR_WEBSITE}&aud=remark&from=https%3A%2F%2Fdemo.remark42.com

generates this

{"name":"test","id":"anonymous_a94a8fe5ccb19ba61c4c0873d391e987982fbbd3","picture":"https://demo.remark42.com/api/v1/avatar/c5f426697ad14b7fe76e2b154e89c5b6cbc24b61.image","attrs":{"admin":false,"blocked":false}}

in addition to response cookies [image]

I will try something with this data during the week and I will post the result if it works well.

AlexisAnzieu, Feb 15 '21 22:02
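
A property of the response quoted in the comment above that matters for the SSO idea: its `id` is `anonymous_` followed by the SHA-1 of the submitted name, so the identity is self-asserted by whoever sends the request. This is an added example, not code from the thread, Remark42 or go-pkgz/auth; the function names are hypothetical, `aud` equal to `site` is an assumption taken from the sample URL, and the sample values are copied from that comment.

```javascript
// Added example; function names are hypothetical, nothing here contacts the network.
const { createHash } = require("node:crypto");

// Response body copied from the comment above (user "test").
const SAMPLE_RESPONSE = {
  name: "test",
  id: "anonymous_a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
  attrs: { admin: false, blocked: false },
};

// Build the anonymous-login URL in the shape shown in the comment,
// with the user name and `from` value percent-encoded.
// Assumption: `aud` equals `site`, as in the sample URL.
function anonymousLoginUrl(base, site, user) {
  const url = new URL("/auth/anonymous/login", base);
  url.search = new URLSearchParams({ site, user, aud: site, from: base }).toString();
  return url.toString();
}

// Observation from the sample: id == "anonymous_" + SHA-1 hex digest of the name.
function derivedAnonymousId(name) {
  return "anonymous_" + createHash("sha1").update(name, "utf8").digest("hex");
}

// Classify how much a host site can rely on the identity in a login response.
//   "self-asserted"         : id is computable from the name alone, so it is not
//                             evidence that the main site authenticated the caller
//   "not-derived-from-name" : id does not follow the anonymous pattern
//   "malformed"             : name or id missing
function classifyIdentity(resp) {
  if (!resp || typeof resp.id !== "string" || typeof resp.name !== "string") {
    return "malformed";
  }
  return resp.id === derivedAnonymousId(resp.name)
    ? "self-asserted"
    : "not-derived-from-name";
}

console.log(anonymousLoginUrl("https://demo.remark42.com", "remark", "test"));
console.log(classifyIdentity(SAMPLE_RESPONSE)); // self-asserted
```

Because the id can be recomputed from the name, anything that must be bound to the main site's account needs the server-side or proxy approaches discussed earlier in the thread.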

Any updates on this?

@AlexisAnzieu @umputun ?

CriggerMarg, May 21 '21 09:05