Authentication

esl-lewis edited this page Sep 25, 2019 · 6 revisions

Authorisation of the parent application is handled by creating a new authentication provider that extends the abstract class BaseAuthProvider, defined at src/authentication/baseAuthProvider.tsx. The parent app must also be modified to recognise the new provider: edit handleAuthProviderUpdate in scigateway.reducer so that it recognises a value for auth-provider in public/settings.json that matches your new auth provider.

BaseAuthProvider

This class provides some default methods, e.g. for managing the storing of tokens, which can be overridden if need be but are fine if left as they are. The main methods a new auth provider needs to implement are the login method, which accepts a username and password and returns a Promise that resolves on successful login and rejects on unsuccessful login, and the verifyLogin method, which checks that the token is still valid and similarly returns a Promise that resolves when the token is valid and rejects when it is invalid.

There is a LoadingAuthProvider, which is only used while the app is loading and rejects all login attempts, and a TestAuthProvider, which is used for testing purposes. The actual example auth providers are jwt and github.
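An added sketch of the login/verifyLogin contract described above; it is not SciGateway's own code. `SketchBaseAuthProvider`, `AuthBackend`, `ExampleAuthProvider`, the in-memory token store and the demo account are assumptions made for illustration, and the real BaseAuthProvider may expose different members.

```typescript
// Stand-in for the project's BaseAuthProvider (assumption: the real class may differ).
abstract class SketchBaseAuthProvider {
  protected store = new Map<string, string>(); // in-memory stand-in for local storage
  protected storeToken(token: string): void { this.store.set('scigateway:token', token); }
  protected clearToken(): void { this.store.delete('scigateway:token'); }
  getToken(): string | undefined { return this.store.get('scigateway:token'); }
  abstract login(username: string, password: string): Promise<void>;
  abstract verifyLogin(): Promise<void>;
}

interface AuthBackend { // hypothetical backend contract: both calls reject on failure
  issueToken(username: string, password: string): Promise<string>;
  checkToken(token: string): Promise<void>;
}
class ExampleAuthProvider extends SketchBaseAuthProvider {
  private backend: AuthBackend;
  constructor(backend: AuthBackend) { super(); this.backend = backend; }
  login(username: string, password: string): Promise<void> {
    this.clearToken(); // a failed login must not leave an older session behind
    return this.backend.issueToken(username, password).then((t) => this.storeToken(t));
  }
  verifyLogin(): Promise<void> {
    const token = this.getToken();
    // Fail closed: with no stored token, reject without asking the backend.
    if (token === undefined) return Promise.reject(new Error('no token stored'));
    // Drop a token the backend no longer accepts, then pass the rejection on.
    return this.backend.checkToken(token).catch((err) => { this.clearToken(); throw err; });
  }
}

// Constructed backend: one made-up account; `issued` models server-side state.
function makeBackend(issued: Set<string>): AuthBackend {
  return {
    issueToken: (u, p) => (u === 'alice' && p === 'correct-horse'
      ? Promise.resolve('demo-token').then((t) => { issued.add(t); return t; })
      : Promise.reject(new Error('bad credentials'))),
    checkToken: (t) => (issued.has(t) ? Promise.resolve() : Promise.reject(new Error('invalid token'))),
  };
}

// Runs the contract end to end and records how each Promise settled.
async function runDemo(): Promise<string[]> {
  const issued = new Set<string>();
  const p = new ExampleAuthProvider(makeBackend(issued));
  const outcome = (x: Promise<void>) => x.then(() => 'resolved', () => 'rejected');
  const log = [await outcome(p.verifyLogin()), await outcome(p.login('alice', 'wrong'))];
  log.push(await outcome(p.login('alice', 'correct-horse')), await outcome(p.verifyLogin()));
  issued.clear(); // simulate server-side revocation
  return log.concat(await outcome(p.verifyLogin()), String(p.getToken()));
}
```

Calling `runDemo()` returns the settled state of each step in order, followed by the stored token after the backend has revoked it.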

Tokens

Tokens are currently stored in local storage under scigateway:token. We want to change this so that the token is stored as a cookie instead.

Authentication server

To authenticate, the authorisation server needs to be run alongside the parent application. The npm run command currently does this automatically; otherwise you need to serve /server/auth-server.js.
