Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OAuth support #89

Open
nightsh opened this issue Jun 22, 2017 · 4 comments
Open

OAuth support #89

nightsh opened this issue Jun 22, 2017 · 4 comments

Comments

@nightsh
Copy link

nightsh commented Jun 22, 2017

Hi, would it be interesting for anyone to have OAuth support in Davros? What I'm thinking about is nothing too fancy, here's the proposed scenario:

  • having a switch in config to enable/disable OAuth support (I am looking at torii)
  • enabling it would also need some configuration to be provided
  • if enabled, visitors will be presented with a login screen on any route, or any route beyond the main route, this remains to be seen

This would allow Davros usage outside Sandstorm, as a lightweight file manager tied to any app that is able to act as a OAuth server. Since all the major frameworks have such integrations readily available, that won't be a major source of pain.

The reason I'm asking this here is because I tried for the past few days to achieve this without touching Davros source code, but I failed miserably to do so.

I tried creating an Ember addon for it, but this lead me nowhere near what I needed.
Then I tried to think about a Davros wrapper, but I've no practical knowledge about how to build such a thing.
And last but not least, I desperately tried to create an Ember Engine for Davros, which would be installable and mountable in any Ember app, which indeed seems to be the perfect solution. Just a few minor problems I have with that: the need to separating the express server from the Ember app, my lack of experience on engines (for now) and that I need to mutilate the Davros code in order to do that, which is going to be painful to maintain (even more than a full fork).

So, given these thoughts, would anyone in the Davros dev team be interested in the development of an OAuth feature for it? I can easily be the main actor in this, as I'm going to do it anyway, one way or another, but it would be nice to work with the upstream (i.e. you) to do so.

Cheers!

@mnutt
Copy link
Owner

mnutt commented Jun 22, 2017

Hi Victor,

Thanks for checking out Davros! I'm curious as to your use case--are you planning on using Davros in conjunction with another app, or just want to run it standalone without having to set up Sandstorm? If it's the latter I'd be remiss if I didn't mention that the Sandstorm people are super nice in IRC and are happy to help people get it set up.

As far as how to get Davros doing OAuth, I think that a middleware inside server/index.js would probably be the best place to check to see if the user is authenticated, and if not what to do about it. I actually have another project, https://github.com/movableink/doorman which does something similar to what you're talking about, depending on your use case you may be able to copy some of its middleware or possibly just put doorman in front of davros.

To your point about integrating this into Davros itself, I'm happy to accept something for adding lightweight authentication, but would prefer not to get into reimplementing all of the things that Sandstorm provides: individual user permissioning, sharing, etc would probably result in a lot of duplication. But just for OAuth-based access granted or denied, I think that would be fine?

@nightsh
Copy link
Author

nightsh commented Jun 22, 2017

Michael, thanks for the reply!

Alright, let's shed some light on that use case :)

There's a small software bundle cooking now, with very specific use cases and integrations. The people who will be using it are already using Sandstorm now and are pretty much used to Davros, and I see no reason to change that. You can see more details on the use case on project's homepage and github.

Now, it would be a shame not to reuse and maybe contribute to further development of tools still valid for this new use case. That's why I came here to ask before spawning yet another project, which would be the case in the event of a full blown fork. Sadly, I couldn't get the Ember engines running, but maybe one day someone smarter than me will pick up the task :)

I'm not planning on reimplementing ACLs and any other advanced user administration into Davros. This project here has some other purposes, none of which is managing users.

However, being able to package it together with any OAuth provider makes it more interesting, as there are many frameworks and platforms offering this possibility. In my specific case now, it's just about not letting people without an account (so inside the "circle of trust") enter the shared storage space. We could go on forever on whether or not this is a secure workflow, but thankfully that's not our topic here.

But just for OAuth-based access granted or denied, I think that would be fine?
Precisely this. Get torii up and running, provide a login template/route/component/whatever is lighter and bounce unauthenticated sessions back to the home/login route. These are details I didn't think thoroughly yet, since I spent most of my time trying to find an elegant way around the way Davros is built now. All this off by default, which remains to be seen in practice how it should be implemented.

You make a good point with the middleware, it's definitely worth looking at as a next step for me. I'll have a look tomorrow and check how/if it could be used.

Thanks a lot, please let me know what do you think of the above ideas. I'd be quite happy to get my hands into this project a little, since I got a bit too familiar with it now to move away easily :)

@omsenjalia
Copy link

@mnutt btw is it possible to have google OAuth

@ocdtrekkie
Copy link
Contributor

@mnutt btw is it possible to have google OAuth

Davros runs as an app inside Sandstorm, and Google OAuth authentication is supported in Sandstorm.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants