Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🎫 [STAMPS] As a passport holder, I can add a Twitter stamp to my passport #28

Closed
brentmartin opened this issue Apr 11, 2022 · 5 comments · Fixed by #87
Closed

🎫 [STAMPS] As a passport holder, I can add a Twitter stamp to my passport #28

brentmartin opened this issue Apr 11, 2022 · 5 comments · Fixed by #87
Assignees

Comments

@brentmartin
Copy link

brentmartin commented Apr 11, 2022

GIVEN that I am logged into my passport
WHEN I click the call to action on the Twitter stamp
THEN I see a message that ask me to sign in through OAuth
AND WHEN I have successfully sign in through OAuth
THEN my Twitter stamp shows that I am verified

Notes

  • For later - should requirement to have a minimum number of followers on Twitter?
  • For later - Just collect follower information for scoring?
  • For later - What other information can we collect to verify a Twitter account? Past # of tweets? Recent tweets? Following? Followers?

Story Points
2

@brentmartin brentmartin moved this from Backlog to In Progress (WIP) in Passport Apr 11, 2022
@yonocan yonocan moved this from In Progress (WIP) to Backlog in Passport Apr 11, 2022
@brentmartin
Copy link
Author

Look into how Gitcoin Trust Bonus does this - if the "Tweet and check tweet" strategy is leaner, then consider it.

@shavinac shavinac moved this from Backlog to In Progress (WIP) in Passport May 11, 2022
@shavinac shavinac moved this from In Progress (WIP) to Blocked in Passport May 11, 2022
@shavinac
Copy link
Contributor

Testing is blocked due to Twitter suspending our developer acct/app

@gdixon
Copy link
Contributor

gdixon commented May 12, 2022

The twitter account is good to go again, we got caught up in an automated bulk banning system that caught us by mistake 😅

@shavinac shavinac moved this from Blocked to In Progress (WIP) in Passport May 12, 2022
shavinac added a commit that referenced this issue May 12, 2022
- add procedures/twitterOauth.ts to handle server-side OAuth 2.0 flow
- implement providers/twitter to verify a user's username given an oauth
  access code and session key

we must implement OAuth flow server-side because Twitter API currently does not allow
the bearer token request from a browser (CORS issue). this means the
twitter stamp is a multi-step process:
1. app requests the authorization url from iam, prompts user to click
   through
2. when user clicks through to twitter, and approves the oauth request,
   twitter redirects user back to app
3. app collects access code and state (session key) from query
   parameters on the redirect
4. app passes in access code and session key with the actual verify
   request to iam. iam exchanges access code for an auth bearer token to
verify user's twitter info, and verify flow proceeds as normal

[#28]
@shavinac
Copy link
Contributor

for reference: why twitter oauth doesn't work in the browser: microsoft/reverse-proxy#1675

@brentmartin brentmartin changed the title As a passport holder, I can add a Twitter stamp to my passport 🎫 [STAMPS] As a passport holder, I can add a Twitter stamp to my passport May 13, 2022
gdixon pushed a commit that referenced this issue May 16, 2022
- add procedures/twitterOauth.ts to handle server-side OAuth 2.0 flow
- implement providers/twitter to verify a user's username given an oauth
  access code and session key

we must implement OAuth flow server-side because Twitter API currently does not allow
the bearer token request from a browser (CORS issue). this means the
twitter stamp is a multi-step process:
1. app requests the authorization url from iam, prompts user to click
   through
2. when user clicks through to twitter, and approves the oauth request,
   twitter redirects user back to app
3. app collects access code and state (session key) from query
   parameters on the redirect
4. app passes in access code and session key with the actual verify
   request to iam. iam exchanges access code for an auth bearer token to
verify user's twitter info, and verify flow proceeds as normal

[#28]
shavinac added a commit that referenced this issue May 17, 2022
- add procedures/twitterOauth.ts to handle server-side OAuth 2.0 flow
- implement providers/twitter to verify a user's username given an oauth
  access code and session key

we must implement OAuth flow server-side because Twitter API currently does not allow
the bearer token request from a browser (CORS issue). this means the
twitter stamp is a multi-step process:
1. app requests the authorization url from iam, prompts user to click
   through
2. when user clicks through to twitter, and approves the oauth request,
   twitter redirects user back to app
3. app collects access code and state (session key) from query
   parameters on the redirect
4. app passes in access code and session key with the actual verify
   request to iam. iam exchanges access code for an auth bearer token to
verify user's twitter info, and verify flow proceeds as normal

[#28]
shavinac added a commit that referenced this issue May 17, 2022
App:
- twitter oauth redirect appears as a popup
- callback variables (passed as query params in redirect back from
  twitter) are passed between windows
- updates other card tests to remove unnecessary test data

IAM Server:
- add procedures/twitterOauth.ts to handle server-side OAuth 2.0 flow
- implement providers/twitter.ts to verify a user's username given an oauth
  access code and session key

we must implement OAuth flow server-side because Twitter API currently does not allow
the bearer token request from a browser (CORS issue). this means the
twitter stamp is a multi-step process:
1. app requests the authorization url from iam, prompts user to click
   through
2. when user clicks through to twitter, and approves the oauth request,
   twitter redirects user back to app
3. app collects access code and state (session key) from query
   parameters on the redirect
4. app passes in access code and session key with the actual verify
   request to iam. iam exchanges access code for an auth bearer token to
verify user's twitter info, and verify flow proceeds as normal

[#28]
shavinac added a commit that referenced this issue May 17, 2022
App:
- twitter oauth redirect appears as a popup
- callback variables (passed as query params in redirect back from
  twitter) are passed between windows
- updates other card tests to remove unnecessary test data

IAM Server:
- add procedures/twitterOauth.ts to handle server-side OAuth 2.0 flow
- implement providers/twitter.ts to verify a user's username given an oauth
  access code and session key

we must implement OAuth flow server-side because Twitter API currently does not allow
the bearer token request from a browser (CORS issue). this means the
twitter stamp is a multi-step process:
1. app requests the authorization url from iam, prompts user to click
   through
2. when user clicks through to twitter, and approves the oauth request,
   twitter redirects user back to app
3. app collects access code and state (session key) from query
   parameters on the redirect
4. app passes in access code and session key with the actual verify
   request to iam. iam exchanges access code for an auth bearer token to
verify user's twitter info, and verify flow proceeds as normal

[#28]
shavinac added a commit that referenced this issue May 18, 2022
App:
- twitter oauth redirect appears as a popup
- callback variables (passed as query params in redirect back from
  twitter) are passed between windows
- updates other card tests to remove unnecessary test data

IAM Server:
- add procedures/twitterOauth.ts to handle server-side OAuth 2.0 flow
- implement providers/twitter.ts to verify a user's username given an oauth
  access code and session key

we must implement OAuth flow server-side because Twitter API currently does not allow
the bearer token request from a browser (CORS issue). this means the
twitter stamp is a multi-step process:
1. app requests the authorization url from iam, prompts user to click
   through
2. when user clicks through to twitter, and approves the oauth request,
   twitter redirects user back to app
3. app collects access code and state (session key) from query
   parameters on the redirect
4. app passes in access code and session key with the actual verify
   request to iam. iam exchanges access code for an auth bearer token to
verify user's twitter info, and verify flow proceeds as normal

[#28]
Repository owner moved this from In Progress (WIP) to Done (Needs Review) in Passport May 18, 2022
@shavinac
Copy link
Contributor

Closed by #87

@brentmartin brentmartin moved this from Done (Needs Review) to Tested/Accepted in Passport May 18, 2022
@shavinac shavinac moved this from Tested/Accepted to Deployed to Production in Passport Jun 21, 2022
@shavinac shavinac moved this from Deployed to Production to Tested/Accepted in Passport Jun 21, 2022
0xflywill pushed a commit to 0xflywill/passport that referenced this issue Sep 6, 2022
App:
- twitter oauth redirect appears as a popup
- callback variables (passed as query params in redirect back from
  twitter) are passed between windows
- updates other card tests to remove unnecessary test data

IAM Server:
- add procedures/twitterOauth.ts to handle server-side OAuth 2.0 flow
- implement providers/twitter.ts to verify a user's username given an oauth
  access code and session key

we must implement OAuth flow server-side because Twitter API currently does not allow
the bearer token request from a browser (CORS issue). this means the
twitter stamp is a multi-step process:
1. app requests the authorization url from iam, prompts user to click
   through
2. when user clicks through to twitter, and approves the oauth request,
   twitter redirects user back to app
3. app collects access code and state (session key) from query
   parameters on the redirect
4. app passes in access code and session key with the actual verify
   request to iam. iam exchanges access code for an auth bearer token to
verify user's twitter info, and verify flow proceeds as normal

[passportxyz#28]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants