Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🎫 [STAMPS] As a passport holder, I can add a Twitter stamp to my passport #28

Closed
brentmartin opened this issue Apr 11, 2022 · 5 comments · Fixed by #87
Closed

🎫 [STAMPS] As a passport holder, I can add a Twitter stamp to my passport #28

brentmartin opened this issue Apr 11, 2022 · 5 comments · Fixed by #87
Assignees
@gdixon @shavinac

Comments

@brentmartin
Copy link

brentmartin commented Apr 11, 2022
edited
Loading

GIVEN that I am logged into my passport
WHEN I click the call to action on the Twitter stamp
THEN I see a message that ask me to sign in through OAuth
AND WHEN I have successfully sign in through OAuth
THEN my Twitter stamp shows that I am verified

Notes

  • For later - should requirement to have a minimum number of followers on Twitter?
  • For later - Just collect follower information for scoring?
  • For later - What other information can we collect to verify a Twitter account? Past # of tweets? Recent tweets? Following? Followers?

Story Points
2
@brentmartin
Copy link
Author

Look into how Gitcoin Trust Bonus does this - if the "Tweet and check tweet" strategy is leaner, then consider it.

@shavinac
Copy link
Contributor

Testing is blocked due to Twitter suspending our developer acct/app

@gdixon
Copy link
Contributor

gdixon commented May 12, 2022

The twitter account is good to go again, we got caught up in an automated bulk banning system that caught us by mistake 😅

shavinac added a commit that referenced this issue May 12, 2022
@shavinac
feat(iam): add twitter oauth procedure. implement twitter provider logic
f4fb924 
- add procedures/twitterOauth.ts to handle server-side OAuth 2.0 flow
- implement providers/twitter to verify a user's username given an oauth
  access code and session key

we must implement OAuth flow server-side because Twitter API currently does not allow
the bearer token request from a browser (CORS issue). this means the
twitter stamp is a multi-step process:
1. app requests the authorization url from iam, prompts user to click
   through
2. when user clicks through to twitter, and approves the oauth request,
   twitter redirects user back to app
3. app collects access code and state (session key) from query
   parameters on the redirect
4. app passes in access code and session key with the actual verify
   request to iam. iam exchanges access code for an auth bearer token to
verify user's twitter info, and verify flow proceeds as normal

[#28]
@shavinac
Copy link
Contributor

for reference: why twitter oauth doesn't work in the browser: microsoft/reverse-proxy#1675

@brentmartin brentmartin changed the title As a passport holder, I can add a Twitter stamp to my passport 🎫 [STAMPS] As a passport holder, I can add a Twitter stamp to my passport May 13, 2022
gdixon pushed a commit that referenced this issue May 16, 2022
@shavinac @gdixon
feat(iam): add twitter oauth procedure. implement twitter provider logic
057dca5 
- add procedures/twitterOauth.ts to handle server-side OAuth 2.0 flow
- implement providers/twitter to verify a user's username given an oauth
  access code and session key

we must implement OAuth flow server-side because Twitter API currently does not allow
the bearer token request from a browser (CORS issue). this means the
twitter stamp is a multi-step process:
1. app requests the authorization url from iam, prompts user to click
   through
2. when user clicks through to twitter, and approves the oauth request,
   twitter redirects user back to app
3. app collects access code and state (session key) from query
   parameters on the redirect
4. app passes in access code and session key with the actual verify
   request to iam. iam exchanges access code for an auth bearer token to
verify user's twitter info, and verify flow proceeds as normal

[#28]
@gdixon gdixon mentioned this issue May 16, 2022
Merged
shavinac added a commit that referenced this issue May 17, 2022
@shavinac
feat(iam): add twitter oauth procedure. implement twitter provider logic
df6af36 
- add procedures/twitterOauth.ts to handle server-side OAuth 2.0 flow
- implement providers/twitter to verify a user's username given an oauth
  access code and session key

we must implement OAuth flow server-side because Twitter API currently does not allow
the bearer token request from a browser (CORS issue). this means the
twitter stamp is a multi-step process:
1. app requests the authorization url from iam, prompts user to click
   through
2. when user clicks through to twitter, and approves the oauth request,
   twitter redirects user back to app
3. app collects access code and state (session key) from query
   parameters on the redirect
4. app passes in access code and session key with the actual verify
   request to iam. iam exchanges access code for an auth bearer token to
verify user's twitter info, and verify flow proceeds as normal

[#28]
shavinac added a commit that referenced this issue May 17, 2022
@shavinac
feat(app, iam): add twitter oauth stamp
162313b 
App:
- twitter oauth redirect appears as a popup
- callback variables (passed as query params in redirect back from
  twitter) are passed between windows
- updates other card tests to remove unnecessary test data

IAM Server:
- add procedures/twitterOauth.ts to handle server-side OAuth 2.0 flow
- implement providers/twitter.ts to verify a user's username given an oauth
  access code and session key

we must implement OAuth flow server-side because Twitter API currently does not allow
the bearer token request from a browser (CORS issue). this means the
twitter stamp is a multi-step process:
1. app requests the authorization url from iam, prompts user to click
   through
2. when user clicks through to twitter, and approves the oauth request,
   twitter redirects user back to app
3. app collects access code and state (session key) from query
   parameters on the redirect
4. app passes in access code and session key with the actual verify
   request to iam. iam exchanges access code for an auth bearer token to
verify user's twitter info, and verify flow proceeds as normal

[#28]
shavinac added a commit that referenced this issue May 17, 2022
@shavinac
feat(app, iam): add twitter oauth stamp
70f7bae 
App:
- twitter oauth redirect appears as a popup
- callback variables (passed as query params in redirect back from
  twitter) are passed between windows
- updates other card tests to remove unnecessary test data

IAM Server:
- add procedures/twitterOauth.ts to handle server-side OAuth 2.0 flow
- implement providers/twitter.ts to verify a user's username given an oauth
  access code and session key

we must implement OAuth flow server-side because Twitter API currently does not allow
the bearer token request from a browser (CORS issue). this means the
twitter stamp is a multi-step process:
1. app requests the authorization url from iam, prompts user to click
   through
2. when user clicks through to twitter, and approves the oauth request,
   twitter redirects user back to app
3. app collects access code and state (session key) from query
   parameters on the redirect
4. app passes in access code and session key with the actual verify
   request to iam. iam exchanges access code for an auth bearer token to
verify user's twitter info, and verify flow proceeds as normal

[#28]
shavinac added a commit that referenced this issue May 18, 2022
@shavinac
feat(app, iam): add twitter oauth stamp
d444962 
App:
- twitter oauth redirect appears as a popup
- callback variables (passed as query params in redirect back from
  twitter) are passed between windows
- updates other card tests to remove unnecessary test data

IAM Server:
- add procedures/twitterOauth.ts to handle server-side OAuth 2.0 flow
- implement providers/twitter.ts to verify a user's username given an oauth
  access code and session key

we must implement OAuth flow server-side because Twitter API currently does not allow
the bearer token request from a browser (CORS issue). this means the
twitter stamp is a multi-step process:
1. app requests the authorization url from iam, prompts user to click
   through
2. when user clicks through to twitter, and approves the oauth request,
   twitter redirects user back to app
3. app collects access code and state (session key) from query
   parameters on the redirect
4. app passes in access code and session key with the actual verify
   request to iam. iam exchanges access code for an auth bearer token to
verify user's twitter info, and verify flow proceeds as normal

[#28]
@shavinac
Copy link
Contributor

Closed by #87

0xflywill pushed a commit to 0xflywill/passport that referenced this issue Sep 6, 2022
@shavinac
feat(app, iam): add twitter oauth stamp
6c3c032 
App:
- twitter oauth redirect appears as a popup
- callback variables (passed as query params in redirect back from
  twitter) are passed between windows
- updates other card tests to remove unnecessary test data

IAM Server:
- add procedures/twitterOauth.ts to handle server-side OAuth 2.0 flow
- implement providers/twitter.ts to verify a user's username given an oauth
  access code and session key

we must implement OAuth flow server-side because Twitter API currently does not allow
the bearer token request from a browser (CORS issue). this means the
twitter stamp is a multi-step process:
1. app requests the authorization url from iam, prompts user to click
   through
2. when user clicks through to twitter, and approves the oauth request,
   twitter redirects user back to app
3. app collects access code and state (session key) from query
   parameters on the redirect
4. app passes in access code and session key with the actual verify
   request to iam. iam exchanges access code for an auth bearer token to
verify user's twitter info, and verify flow proceeds as normal

[passportxyz#28]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gdixon gdixon

@shavinac shavinac

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Feat(app, iam): Implements Twitter OAuth as a Provider passportxyz/passport
3 participants
@brentmartin @gdixon @shavinac