Auth Feature - Fourth Iteration #30

Open
babblebey opened this issue Apr 4, 2024 · 1 comment · May be fixed by #133
Assignees
Labels
↗️ medium priority This issue is crucial ✨ enhancement New feature or request

Comments

@babblebey
Member

babblebey commented Apr 4, 2024

The third iteration of the auth feature should focus on enhancing the OAuth flow and adding a signout/disconnect feature.

This is a follow up to the initial iterations...

Tasks

  1. Store OAuth Flow State Object in Cookies: Implement the todo that suggests storing the OAuth flow state object to cookies. This stored state should be compared with the state param returned from the GitHub OAuth flow in the github/oauth/callback handler to prevent CSRF attacks.

  2. Implement Signout/Disconnect Feature: Create a helper function that can be exported from the doAuth action to handle signout/disconnect functionality. This function should:

    • Clear the token data saved in the cookie for jargons.dev:token.
    • Redirect the user to the homepage of the web app.

Related Files

  • github/oauth/callback.js
  • lib/actions/do-auth.js

Acceptance Criteria

  • OAuth flow state object is stored in cookies and compared with the state param.
  • Signout/disconnect feature is implemented and accessible through the doAuth action.

Additional Notes

  • Nothing much... just ask a question or share ideas, if you've got any 😉
@babblebey babblebey added ✨ enhancement New feature or request ↗️ medium priority This issue is crucial labels Apr 4, 2024
@babblebey babblebey changed the title Auth Feature - Third Iteration Auth Feature - Fourth Iteration Apr 18, 2024
The-CodeINN added a commit to The-CodeINN/jargons.dev that referenced this issue Dec 21, 2024
Fixes jargonsdev#30

Implement the OAuth flow state object storage in cookies and the signout/disconnect feature.

* Store the OAuth flow state object in cookies in `src/lib/actions/do-auth.js` and compare it with the `state` param in the `doAuth` function.
* Retrieve the stored state from cookies in `src/pages/api/github/oauth/callback.js`, compare it with the `state` param, and delete the stored state from cookies after comparison.
* Update the signout/disconnect link in `src/components/islands/profile.jsx` to point to the new signout route.
* Update the signout logic in `src/pages/logout.astro` to use the new signout function from `doAuth`.

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/jargonsdev/jargons.dev/issues/30?shareId=XXXX-XXXX-XXXX-XXXX).
@The-CodeINN The-CodeINN linked a pull request Dec 21, 2024 that will close this issue
@The-CodeINN

Kindly update the specifications and assign. I'd like to work on it.
