Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat(app, iam): Implements Twitter OAuth as a Provider #87

Merged
merged 2 commits into from
May 18, 2022
Merged

Conversation

gdixon
Copy link
Contributor

@gdixon gdixon commented May 16, 2022

This PR adds the Twitter oauth authentication flow into the app and iam.

In order to keep this as close to the other implementations as possible, we pass the front-end as the callback url, and keep the IAM *relatively stateless.

* The sdk from Twitter stores state of the verification process in private structs on the sdk instance itself which prevents us from keeping this process entirely stateless.

We must retain sdk instances between connections, so in order to prevent memory leaks, we have a solution whereby each instance is deleted after 60s to give the user a short amount of time to hit authorise - if they don't authorise in time, then the system will be unable to complete the verification and the process will fail.

Connections/sessions are linked via a state variable that is generated by the IAM and passed through to Twitter and eventually the app as a queryString in a new window, which is then passed back to the original window via a BroadcastChannel.

--

Closes: #28

app/pages/Dashboard.tsx Outdated Show resolved Hide resolved
Copy link
Contributor

@shavinac shavinac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • FYI this won't build on M1 Macbooks due to the new microtime dependency added by broadcast-channel -- i was able to bypass by forcing "node-gyp": "^9.0.0" resolution
  • should clean up commit history before merging into main, unless you plan on squash-merging

app/components/ProviderCards/EnsCard.tsx Outdated Show resolved Hide resolved
@shavinac shavinac force-pushed the twitter-stamp branch 2 times, most recently from 95a843b to 645996d Compare May 17, 2022 19:42
shavinac added 2 commits May 17, 2022 14:57
App:
- twitter oauth redirect appears as a popup
- callback variables (passed as query params in redirect back from
  twitter) are passed between windows
- updates other card tests to remove unnecessary test data

IAM Server:
- add procedures/twitterOauth.ts to handle server-side OAuth 2.0 flow
- implement providers/twitter.ts to verify a user's username given an oauth
  access code and session key

we must implement OAuth flow server-side because Twitter API currently does not allow
the bearer token request from a browser (CORS issue). this means the
twitter stamp is a multi-step process:
1. app requests the authorization url from iam, prompts user to click
   through
2. when user clicks through to twitter, and approves the oauth request,
   twitter redirects user back to app
3. app collects access code and state (session key) from query
   parameters on the redirect
4. app passes in access code and session key with the actual verify
   request to iam. iam exchanges access code for an auth bearer token to
verify user's twitter info, and verify flow proceeds as normal

[#28]
…to install

- caused by the `microtime` dependency used by `broadcast-channel` package, used in @dpopp/app
-
`microtime` does not build for M1 Mac architecture, and also does not have an available pre-built
for M1 Mac
- one fix is to force use of a later version of node-gyp (v9.0.0)
@shavinac shavinac requested review from farque65 and dhxdev May 17, 2022 20:20
@farque65
Copy link
Contributor

farque65 commented May 17, 2022

Running into issues running this locally. I might be missing something. I did the following:

  • lerna bootstrap
  • yarn start
  • click verify on twitter stamp
  • click login on twitter prompt
  • then directed to twitter login page but the stamp is not verified/no meta mask prompt

@shavinac
Copy link
Contributor

Running into issues running this locally. I might be missing something. I did the following:

  • lerna bootstrap
  • yarn start
  • click verify on twitter stamp
  • click login on twitter prompt
  • then directed to twitter login page but the stamp is not verified/no meta mask prompt

What NEXT_PUBLIC_DPOPP_IAM_URL is your app using? Make sure to point to the localhost IAM server, since the review environment won't have these new changes yet

@farque65
Copy link
Contributor

farque65 commented May 17, 2022

Running into issues running this locally. I might be missing something. I did the following:

  • lerna bootstrap
  • yarn start
  • click verify on twitter stamp
  • click login on twitter prompt
  • then directed to twitter login page but the stamp is not verified/no meta mask prompt

What NEXT_PUBLIC_DPOPP_IAM_URL is your app using? Make sure to point to the localhost IAM server, since the review environment won't have these new changes yet

I added the following to the /app .env file

NEXT_PUBLIC_DPOPP_TWITTER_CALLBACK=http://localhost:3000/
NEXT_PUBLIC_DPOPP_PROCEDURE_URL=http://localhost:80/procedure/

@shavinac
Copy link
Contributor

shavinac commented May 17, 2022

I added the following to the /app .env file

NEXT_PUBLIC_DPOPP_TWITTER_CALLBACK=http://localhost:3000/ NEXT_PUBLIC_DPOPP_PROCEDURE_URL=http://localhost:80/procedure/

those look right. which NEXT_PUBLIC_DPOPP_IAM_URL are you using? it should be http://localhost:80/api/ to fetch/issue the credential properly

@farque65
Copy link
Contributor

I added the following to the /app .env file
NEXT_PUBLIC_DPOPP_TWITTER_CALLBACK=http://localhost:3000/ NEXT_PUBLIC_DPOPP_PROCEDURE_URL=http://localhost:80/procedure/

those look right. which NEXT_PUBLIC_DPOPP_IAM_URL are you using? it should be http://localhost:80/api/ to fetch/issue the credential properly

NEXT_PUBLIC_DPOPP_IAM_URL=http://localhost:80/api/

Copy link
Contributor

@farque65 farque65 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! I have it running locally. I was able to add it to my passport. Shavina sent me the needed TWITTER_CLIENT_ID and TWITTER_CLIENT_SECRET for the /iam .env

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

🎫 [STAMPS] As a passport holder, I can add a Twitter stamp to my passport
3 participants