You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We need to add a new client module to encapsulate handling interacting with user authorization. This module will be used by all client api modules. The design of this module, and how it will interact with other parts of the SPA, is still not finalized.
Bearer tokens are issued by the WDK Service in a cookie (named Authorization). This will change such that the web client will make a request to the WDK service to get an authorization token. There are two different mechanisms for requesting an authorization token for a logged-in user vs a logged-out user. The entry point for each mechanism depends on a user-flow:
User flow when the web client first loads:
When the web client loads, check localstorage for an authorization token
If one does not exist, or if one does exist and it is expired, request a guest authorization token from the new /guest-login endpoint
If a 401 response is encountered with any service call, delete the existing Authorization token from localstorage and reload the page. Optionally, tell the user their session has been reset and they may need to log in again.
There will also be some changes to the login flow (the changes will be transparent to users):
User clicks on the login link, which will use a new client route as the destination url. Note that the user will already have a guest token at this point, since they have to go through the website to click the login link.
When the user successfully enters their credentials on oauth, they will be redirected to the new client route.
The new client route will make a request to the /login endpoint, including the necessary query params that the oauth redirect included.
The /login endpoint will respond with a bearer token as part of the response body.
The client will replace the guest Authorization token with the new one.
Finally, the client will redirect to the final destination.
Changes
Change redirect url for oauth to be a new client route.
New client route will make request to login endpoint to get bearer token.
Add new functions to call the /guest-login and /login enpoints.
Implement the user flows described above.
This depends on back end work. Issue to be linked.
The text was updated successfully, but these errors were encountered:
We need to add a new client module to encapsulate handling interacting with user authorization. This module will be used by all client api modules. The design of this module, and how it will interact with other parts of the SPA, is still not finalized.
Bearer tokens are issued by the WDK Service in a cookie (named Authorization). This will change such that the web client will make a request to the WDK service to get an authorization token. There are two different mechanisms for requesting an authorization token for a logged-in user vs a logged-out user. The entry point for each mechanism depends on a user-flow:
User flow when the web client first loads:
/guest-loginendpointThere will also be some changes to the login flow (the changes will be transparent to users):
/loginendpoint, including the necessary query params that the oauth redirect included./loginendpoint will respond with a bearer token as part of the response body.Changes
/guest-loginand/loginenpoints.This depends on back end work. Issue to be linked.
The text was updated successfully, but these errors were encountered: