Way to disable girderToken in hash on oauth callback? #188
Comments
Where should it go instead?
I don't think I'm following. It seems like this would prevent authentication altogether.
Could you share an example?

```js
location.hash = location.hash.replace(`${OauthTokenPrefix}${token}${OauthTokenSuffix}`, '');
```

This should only result in the removal of the girderToken parts.
Are we talking about the situation where the GWC app is served from the same origin as girder such that it has access to the cookies set by girder and therefore doesn't need to read the token from the hash string?
It's this bit

```js
return (await this.girderRest.get('oauth/provider', {
  params: {
    redirect: `${window.location.href}${OauthTokenPrefix}{girderToken}${OauthTokenSuffix}`,
    list: true,
  },
})).data;
```

I am not doing anything to read the token from the hash, I think it's fine just getting set via the cookie since I'm same-origin.
#189 is one possible solution. There are others.
I'm not sure what solution is best, I was originally thinking of just stripping out the whole infrastructure surrounding our automated token setting from the hash and just letting downstreams handle this with an This line is the culprit in my case. Because I'm same-origin, I do have that cookie, so setCookieFromHash is never being called. So each time I logout and login my hash is just getting longer and longer e.g.
The redirect itself is problematic because Would anyone be heartbroken if I just ripped this functionality out and made this downstreams' problem?
Right now there doesn't seem to be a way to change the callback URI, which automatically contains the Girder auth token.
Ideally I'd like a way (maybe it should be the default?) to not append a hash string at all. As of right now, it's creating malformed URLs with multiple hash strings in cases when the starting URL already contains a hash component.
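The accumulation described in this thread can be reproduced offline. The following is an added example, not code from the thread or the project: it models repeated login cycles where the token segment is appended to the full current URL and never cleaned up, next to a variant that strips stale segments before building the redirect. The prefix and suffix values, the sample URL, and the tokens are assumptions constructed for illustration, as are all function names.

```javascript
// Assumed values for illustration; the thread does not show the real constants.
const OauthTokenPrefix = '#girderToken=';
const OauthTokenSuffix = '__';

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
// Matches one complete token segment; assumes the token never contains the suffix.
const TOKEN_SEGMENT = new RegExp(
  `${escapeRe(OauthTokenPrefix)}.*?${escapeRe(OauthTokenSuffix)}`, 'g');

// Redirect built the way the snippet in the thread does: appended to the full href.
function naiveRedirect(href) {
  return `${href}${OauthTokenPrefix}{girderToken}${OauthTokenSuffix}`;
}

// Remove every token segment, whatever token value it carries.
function stripTokenSegments(href) {
  return href.replace(TOKEN_SEGMENT, '');
}

// Hypothetical hardened variant: drop stale segments before appending a new one.
function cleanRedirect(href) {
  return naiveRedirect(stripTokenSegments(href));
}

// Stand-in for the server substituting the issued token into the template.
function fillToken(redirect, token) {
  return redirect.replace('{girderToken}', token);
}

// Simulate logins where the page never cleans its hash (the same-origin cookie case).
function loginCycles(startHref, tokens, buildRedirect) {
  return tokens.reduce((href, t) => fillToken(buildRedirect(href), t), startHref);
}

function countTokenSegments(href) {
  return (href.match(TOKEN_SEGMENT) || []).length;
}

const start = 'https://app.example/#/items/1'; // constructed URL that already has a hash
const tokens = ['aaa', 'bbb', 'ccc'];          // constructed token values
console.log(loginCycles(start, tokens, naiveRedirect));
console.log(loginCycles(start, tokens, cleanRedirect));
```

Even the cleaned variant still yields a URL with two `#` characters when the starting URL has a hash, so it only stops the growth and the retention of old tokens; it does not address the request to avoid the hash entirely.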