Add a Log Out endpoint available when the session API auth feature flag is enabled #9531

Closed
GPortas opened this issue Apr 18, 2023 · 0 comments · Fixed by #9533
GPortas commented Apr 18, 2023

Overview of the Feature Request

Initially, to emulate the JSF Log Out feature in the SPA, we considered the option of removing the JSESSIONID session cookie from the React application code, by accessing the browser cookies using a cookie management library. This solution would have the trade-off of not terminating the session in the backend, as JSF does when clicking log out, but considering the temporary lifetime of the session-based API authentication, and that it will be executed on a closed and small beta testing environment, we did not find it a bad solution.

The problem with the previous solution and what makes it unfeasible is that the JSESSIONID cookie is HttpOnly, which means that it cannot be read or managed from JavaScript code. This has forced us to have to enable an endpoint to perform the Log Out.

Although the endpoint is publicly exposed, it only works when the feature flag is enabled, returning a server error otherwise. When the API evolves towards the final authentication mechanism, the logic of this endpoint will be modified to make it standard for all authentication mechanisms subject to Log Out (API Key is not subject to Log Out).

What kind of user is the feature intended for?

Dataverse frontend developers

What inspired the request?

What existing behavior do you want changed?

N/A

Any brand new behavior do you want to add to Dataverse Frontend?

New Log Out endpoint

Any related open or closed issues to this feature request?

@GPortas GPortas added User Role: API User Makes use of APIs Size: 10 A percentage of a sprint. 7 hours. pm.GREI-d-2.7.1 NIH, yr2, aim7, task1: R&D UI modules for creating datasets and supporting publishing workflows pm.GREI-d-2.7.2 NIH, yr2, aim7, task2: Implement UI modules for creating datasets and publishing workflows labels Apr 18, 2023
@GPortas GPortas self-assigned this Apr 18, 2023
@GPortas GPortas changed the title from "Add new CORS headers for SPA MVP - API connectivity with session auth feature flag turned on" to "Add a Log Out endpoint available when the session API auth feature flag is enabled" Apr 26, 2023
pdurbin added a commit to GPortas/dataverse that referenced this issue May 8, 2023
Conflicts:
src/main/java/edu/harvard/iq/dataverse/settings/JvmSettings.java

Just a whitespace change vs mail settings being added.
@pdurbin pdurbin added this to the 5.14 milestone May 11, 2023
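
The reasoning in the issue (page script cannot touch an HttpOnly JSESSIONID, so the session has to be ended by the server, behind the feature flag) as an added example that is not part of the original issue and is not Dataverse code. It is an in-memory Node.js model; every function name, the `flags` object, the cookie attributes and the 500/401 status codes are assumptions.

```javascript
// Added illustration: an in-memory model, not Dataverse code. All names are hypothetical.
const { randomBytes } = require('crypto');

const sessions = new Map();           // server-side session store: id -> { user }
const flags = { sessionAuth: true };  // stands in for the session API auth feature flag
const COOKIE_ATTRS = 'Path=/; HttpOnly; Secure; SameSite=Lax';

// Extract the JSESSIONID value from a Cookie request header.
function sessionIdFrom(cookieHeader = '') {
  const m = /(?:^|;\s*)JSESSIONID=([^;]+)/.exec(cookieHeader);
  return m ? m[1] : null;
}

function login(user) {
  const id = randomBytes(16).toString('hex');
  sessions.set(id, { user });
  return { status: 200, setCookie: `JSESSIONID=${id}; ${COOKIE_ATTRS}` };
}

// What document.cookie would show to page script: HttpOnly cookies are withheld,
// so a cookie library in the SPA can neither read nor delete JSESSIONID.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !/;\s*HttpOnly\b/i.test(h))
    .map((h) => h.split(';')[0]);
}

// Any authenticated API call: succeeds while the server still holds the session.
function whoAmI(cookieHeader) {
  const s = sessions.get(sessionIdFrom(cookieHeader));
  return s ? { status: 200, user: s.user } : { status: 401 };
}

// Log Out: gated by the flag, invalidates the session on the server, then expires the cookie.
function logout(cookieHeader) {
  if (!flags.sessionAuth) return { status: 500 };  // "server error" per the issue; 500 assumed
  const id = sessionIdFrom(cookieHeader);
  if (!id || !sessions.delete(id)) return { status: 401 };
  return { status: 200, setCookie: `JSESSIONID=; Max-Age=0; ${COOKIE_ATTRS}` };
}

// Constructed walk-through: login, what script can see, then logout.
const issued = login('demo-user');
const cookie = issued.setCookie.split(';')[0];
console.log('visible to script:', scriptVisibleCookies([issued.setCookie]));
console.log(whoAmI(cookie).status, logout(cookie).status, whoAmI(cookie).status);
```

Because the server deletes the session before expiring the cookie, a copy of the old JSESSIONID value stops working after logout, which a client-side cookie removal alone would not achieve.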