This repository has been archived by the owner on Aug 3, 2023. It is now read-only.

Minehut OAuth2 #133

Open
4 tasks done
WyattSL opened this issue Aug 16, 2020 · 1 comment
Labels
feature request New feature or idea suggestion web (core) This is related to the Minehut core web app (includes panel)

Comments


WyattSL commented Aug 16, 2020

Feature request

Checklist

  • I have read and agree to the README (found on https://github.com/Minehut/Meta)
  • This is not a bug report, support request or plugin request
  • I have searched the Issue Tracker to make sure this is not a duplicate issue
  • This issue does not contain any sensitive information

Platform

Website

Describe the feature

The ability for developers to create OAuth2 applications that allow people to log in with their Minehut accounts and return an access/session token for usage with Minehut's API.
Additionally, the ability for server-to-server communication, which would allow developers to create a token for their personal usage with the API.

How the feature is useful

The feature benefits developers the most, but could benefit everyone. It's useful because there is no longer any method for developers to log in with an email/password or token (ghost login), thanks to Auth0. And it would make things like Discord bots for server management possible again.


Use the 👍 reaction to indicate you agree with this suggestion! Feel free to discuss the idea in the comments.
👍

@WyattSL WyattSL added the feature request New feature or idea suggestion label Aug 16, 2020
@jellz jellz added the web (core) This is related to the Minehut core web app (includes panel) label Aug 16, 2020
@zacjones0

From what I understand, Auth0 (the login solution Minehut uses) has a list of allowed redirect URLs from the login page. You can find which page is redirected to from the redirect_uri query in the login page URL (https://minehut.com/login for Minehut). When redirected to that URL (after the user has entered their login), Auth0 passes the code parameter in the form of a query as well (e.g. https://minehut.com/login?code=dfa3ufd), which is then exchanged for an id_token containing the session and token used for Minehut's normal API endpoints.

So the main problem is being able to redirect back to your application. This makes apps like websites basically impossible unless you ask Minehut to add your website to the redirect list, but native apps have a bit of a chance: if Minehut allowed a custom URI scheme, e.g. minehut://login, that can be registered on the user's computer to open the native app, all native apps would be able to use that one URI scheme, saving Minehut having to add a redirect URL to the list for every app.

Sorry, that was pretty long and I'm not the best at explaining.
You might want to check out the Auth0 Docs (specifically here) for a more in-depth explanation of how it works.
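
Added example, not code from Minehut, Auth0 or the commenters: a toy in-memory authorization server showing the exact-match redirect allowlist described above, plus PKCE (RFC 7636), which matters for the shared minehut://login idea because a custom scheme can be registered by more than one app on the same machine. The `AuthServer` class, its method names, the allowlist contents and the returned token string are all hypothetical.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlsplit, parse_qs

# Constructed allowlist: the web callback named in the thread and the custom
# scheme the comment proposes (hypothetical; not a registered Minehut value).
ALLOWED_REDIRECTS = frozenset({"https://minehut.com/login", "minehut://login"})

def s256_challenge(verifier: str) -> str:
    """PKCE S256: BASE64URL(SHA256(verifier)) with the '=' padding removed."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

class AuthServer:
    """Toy authorization server; every name here is illustrative."""

    def __init__(self):
        self._pending = {}  # code -> (redirect_uri, code_challenge)

    def authorize(self, redirect_uri: str, code_challenge: str) -> str:
        # Exact string match only: no prefix, wildcard or host-only compare.
        if redirect_uri not in ALLOWED_REDIRECTS:
            raise ValueError("redirect_uri is not on the allowlist")
        code = secrets.token_urlsafe(16)
        self._pending[code] = (redirect_uri, code_challenge)
        return f"{redirect_uri}?code={code}"

    def exchange(self, code: str, redirect_uri: str, code_verifier: str):
        # pop() makes the code single-use, even when verification fails.
        uri, challenge = self._pending.pop(code, (None, ""))
        if uri is None or uri != redirect_uri:
            return None
        if not hmac.compare_digest(s256_challenge(code_verifier), challenge):
            return None  # caller saw the code but never held the verifier
        return "constructed-id-token"

def code_from_callback(callback_url: str) -> str:
    """Pull the ?code= value out of the URL the client is redirected to."""
    return parse_qs(urlsplit(callback_url).query)["code"][0]

if __name__ == "__main__":
    server = AuthServer()
    verifier = secrets.token_urlsafe(32)  # generated and kept by the real app
    callback = server.authorize("minehut://login", s256_challenge(verifier))
    code = code_from_callback(callback)
    print(server.exchange(code, "minehut://login", verifier))
    print(server.exchange(code, "minehut://login", verifier))  # code was spent
```
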
