Here's how signing into GitHub from the Projects app works:
- From Projects (in iframe; served from
https://ipfs.eth.aragon.network/ipfs/): callswindow.opento open a popup. - The popup loads
https://github.com/login/oauth/authorize; the user signs in; GitHub redirects to the Authorization Callback URL configured for our GitHub OAuth App, providing it acode(we can specify this using aredirect_uriparameter to GitHub, but thisredirect_urimust match-with-more-specificity the URL we already configured). - The popup loads our Authorization Callback URL, which calls
opener.postMessage({ code })– thisopenerrefers to the page that opened this popup. - The Projects app is that page (hopefully! see security note below); it listens for these posted messages, grabs the code, and hits a lightweight server process where our OAuth App's server-side key is stored, which uses the code to load an authentication token for that user. The Projects app saves that token so it can make calls to GitHub as the user.
This mini app deals with Step 3 above.
Note that any app, not just Projects, could open a popup that loads the OAuth page for our app, which dutifully redirects to this app. This app then blindly passes code to the calling page, which allows any app to sign in users with our GitHub OAuth App. We experimented with having this app check window.opener against known versions of the Projects app, but could not find a way to get it to work from within the Projects app iframe.
You will need aragonCLI installed globally: npm i -g @aragon/cli
The npm run deploy script will walk you through the rest. Key concept: if you update this app, you have to update the settings on GitHub. We have not yet scripted this piece. So:
- Update the code
- Run
npm run deploy; this will spin up a local ipfs node, addindex.html, and propogate it to theipfs.eth.aragon.networkgateway - Update GitHub settings with the new URL