using dex for authentication #471
Comments
|
@ahdinosaur @agentlewis might need a bit more context/specificity for this one |
|
i'm interested in understanding the goals here - as i understand it, we want to be able to log into both Loomio + Cobuy with one login / form? |
|
ok so LOL this has nothing to do with holodex which is what i originally thought. @iainkirkpatrick dex is an oauth provider - you probably already knew this |
|
chatted with @ahdinosaur , this ticket now simply involves setting dex up, with actual integration coming later |
|
ok cool :) |
|
Correct! And styling it with tapin branding. Should say “tapin login” we can also set up loomio with it. |
|
ok so briefly read over the dex docs - this is def stuff i haven't touched before. not to say that it will be easy / hard (looks interesting!) but i'm quite fuzzy how this is gonna work, esp with Loomio integration. Is this something we need before the first deadline? |
|
In theory it’s just another oauth2 provider that we give credentials to loomio team for. Regarding do we need this. Short answer, yes. It’s badically what makes our dolution a complete solution rather than collection of seperate solutions |
|
hmmm ok re-reading i think i understand more... dex can act as an oAuth provider and issue tokens as FB, GH etc would. the idea then would basically be that all Tapin users must use this type of credential to log in? i.e. a dex 'Tapin' token. so we wouldn't have any other providers (FB, GH) that folks could log in with? i can see how that makes sense |
|
@iainkirkpatrick correct |
|
found this blog talking about open ID connect https://developer.okta.com/blog/2017/07/25/oidc-primer-part-1 |
|
ok, been grokking a bunch of Dex stuff today. i'm now at the point where i'm wondering - why are we wanting to roll Dex if we aren't wanting users to be able to sign in with other OIDC / identity providers like Google, Github etc? Wouldn't it be simpler to use a nodejs oauth server? Or am i missing some benefits of dex... it seems heavy-handed? (and i can't fully work it out but possibly missing some features like password reset?) tagging @ahdinosaur @agentlewis |
|
From my point of view:
However the requirement is:
|
|
had a chat with @ahdinosaur briefly - gonna suss out whether node-oauth2-server is a better fit, probably as part of another specific dogstack app that handles identity. with the emphasis as @agentlewis pointed out above of being an MVP solution :) potentially we use dex in the future as part of this |
|
@iainkirkpatrick I am not to fussed what we use so long as we can get it up quick. I am obviously biased towards creating another dogstack app, if we can do it quick :) and that it takes care of all the standard flows on desktop and mobile and lastly that it is secure. Also want to name the goal here is to have Single Sign On - SSO as I hadn’t named it above. |
|
or... after reading a bit more... we could use dex, and roll our own OIDC server :D by roll our own i mean use https://github.com/panva/node-oidc-provider |
|
thought dump:
|
|
Note the requirement for a provider is specifically for other apps to use:
I don’t think this ticket is worth progressing if it doesn’t solve this. Ie we just deal with the fallout of people logging into tapindecide using a passwordless system and tapinbuy with a password. Not sure if that helps... |
|
@agentlewis yep i see using a single provider as solving that problem :) what do you think about all the Tapin apps sharing a single profile? that would be an optional, extra piece as i imagine the cost to change Loomio to deal with that would be not insignificant... |
|
Shared profile would be amazing - I think we can prep it by getting it working with cobuy and than workout with loomio what it would take to make it work for them. Probably a weeks work. |
No description provided.
The text was updated successfully, but these errors were encountered: