There is a long-living branch named "max-cas" in GSA/srt-api and GSA/srt-ui. At this point in time, the login works by:
1. There is some non-angular JavaScript embedded on the Angular home page template that redirects the user to the CAS login page with the redirect URL of a REST API endpoint /casLogin.
2. The REST API endpoint will get the auth token from MAX CAS as part of the request URL.
3. REST API validates the token and repackages a new token with a JWT and some other info and sends the user to the web app again.
4. Other non-angular JavaScript embedded on the Angular home page template reads the URL and saves the JWT and other data into the HTML5 localStorage then redirects the user back to the Angular login page.
5. The Angular login page detects the JWT in localStorage and authenticates the user.
We should at least consider changing this flow so that page flow is:
Angular home page -> CAS login -> Angular page -> logged in home screen
In other words, it feels like the web browser shouldn't be loading pages from the REST API directly.
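The step described above in which the home page reads the JWT from the URL and saves it to localStorage, written out as an added example (not code from GSA/srt-ui, GSA/srt-api or the issue author) that also removes the token from the visible URL. The query parameter name `token`, the storage key `srt.jwt`, the host `app.example.gov` and the sample token are assumptions constructed for illustration.

```javascript
// Assumed names, not taken from the issue or the SRT code base.
const TOKEN_PARAM = "token";
const STORAGE_KEY = "srt.jwt";

// Decode the payload of a compact JWT. This does NOT verify the signature
// (only the REST API can); it just rejects junk and lets us read "exp".
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3 || parts.some((p) => p.length === 0)) {
    throw new Error("not a compact JWT");
  }
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
}

// Handle the redirect back from the REST API. `storage` is localStorage in
// the browser; `nowSeconds` is Math.floor(Date.now() / 1000).
function consumeLoginRedirect(href, storage, nowSeconds) {
  const url = new URL(href);
  const jwt = url.searchParams.get(TOKEN_PARAM);
  // Strip the token from the URL even if it proves unusable, so it does not
  // stay in history, bookmarks or Referer headers.
  url.searchParams.delete(TOKEN_PARAM);
  const result = { authenticated: false, cleanUrl: url.toString() };
  if (jwt === null) return result;
  try {
    const payload = decodeJwtPayload(jwt);
    if (typeof payload.exp === "number" && payload.exp > nowSeconds) {
      storage.setItem(STORAGE_KEY, jwt);
      result.authenticated = true;
    }
  } catch (e) {
    // Malformed token: treat as not logged in.
  }
  return result;
}

// Constructed sample token (placeholder signature, never valid server-side).
const b64url = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE_JWT = [b64url({ alg: "HS256", typ: "JWT" }),
  b64url({ sub: "user@example.gov", exp: 2000000000 }), "c2ln"].join(".");

// In the page: history.replaceState(null, "", result.cleanUrl) after the call.
const demo = consumeLoginRedirect(
  "https://app.example.gov/?token=" + SAMPLE_JWT + "&next=home",
  { setItem() {} }, 1700000000);
console.log(demo);
```

The client-side expiry check only avoids storing a token that is already useless; the REST API still has to verify the signature on every request.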