Properly integrate MAX CAS login with Angular app #2

Open
albertcrowley opened this issue May 15, 2019 · 0 comments
There is a long-living branch named "max-cas" in GSA/srt-api and GSA/srt-ui. At this point in time, the login works by:

  • There is some non-Angular JavaScript embedded on the Angular home page template that redirects the user to the CAS login page with the redirect URL of a REST API endpoint /casLogin.
  • The REST API endpoint will get the auth token from MAX CAS as part of the request URL.
  • REST API validates the token and repackages a new token with a JWT and some other info and sends the user to the web app again.
  • Other non-Angular JavaScript embedded on the Angular home page template reads the URL and saves the JWT and other data into the HTML5 localStorage, then redirects the user back to the Angular login page.
  • The Angular login page detects the JWT in localStorage and authenticates the user.

We should at least consider changing this flow so that the page flow is:
Angular home page -> CAS login -> Angular page -> logged in home screen

In other words, it feels like the web browser shouldn't be loading pages from the REST API directly.
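
An added sketch of the client side of the proposed flow (not part of the issue and not code from srt-ui or srt-api): the Angular route itself is the CAS service URL, reads the one-time ticket, strips it from the address, and hands it to the API in a request body so the JWT can come back in a response instead of a redirect URL. It assumes MAX CAS uses the standard CAS `service` and `ticket` parameters; the hosts, the `/auth/callback` route and the `/api/cas/exchange` endpoint are hypothetical.

```javascript
// Added illustration, not code from srt-ui or srt-api. The hosts, the
// /auth/callback route and the /api/cas/exchange endpoint are hypothetical.
const CAS_LOGIN = 'https://cas.example.test/cas/login';
const APP_CALLBACK = 'https://srt.example.test/auth/callback';

// Step 1: send the browser to CAS with the Angular route as the service URL.
function buildCasLoginUrl(casLogin = CAS_LOGIN, service = APP_CALLBACK) {
  const u = new URL(casLogin);
  u.searchParams.set('service', service);
  return u.toString();
}

// Step 2: on return, take the ticket from the page URL and compute the same
// URL without it, so the ticket does not linger in the address bar or history.
function parseCasReturn(href, expectedService = APP_CALLBACK) {
  const u = new URL(href);
  const expected = new URL(expectedService);
  if (u.origin !== expected.origin || u.pathname !== expected.pathname) {
    return { ok: false, reason: 'unexpected callback location' };
  }
  const tickets = u.searchParams.getAll('ticket');
  if (tickets.length !== 1) {
    return { ok: false, reason: 'expected exactly one ticket parameter' };
  }
  // Loose sanity check only: CAS service tickets begin with "ST-".
  // Real validation happens server-side against CAS.
  if (!/^ST-[\x21-\x7e]{1,253}$/.test(tickets[0])) {
    return { ok: false, reason: 'malformed ticket' };
  }
  u.searchParams.delete('ticket');
  return { ok: true, ticket: tickets[0], cleanUrl: u.toString() };
}

// Step 3: describe the XHR the Angular code would send. The API validates the
// ticket with CAS (same service URL) and returns the JWT in the response body.
function buildExchangeRequest(ticket, service = APP_CALLBACK) {
  return {
    url: '/api/cas/exchange',
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ ticket, service }),
  };
}
```

In the browser, `cleanUrl` would be applied with `history.replaceState` before any other navigation or third-party script runs.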
