Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(auth): Redirect to OpenShift login on empty auth request #748

Merged
merged 13 commits into from
Dec 10, 2021
Merged

feat(auth): Redirect to OpenShift login on empty auth request #748

merged 13 commits into from
Dec 10, 2021

Conversation

jan-law
Copy link
Contributor

@jan-law jan-law commented Nov 4, 2021
edited by andrewazores
Loading

Related #717
Depends on cryostatio/cryostat-operator#292
Depends on cryostatio/cryostat-web#350

Edit: changed Fixes to Related as we will need a follow-up PR to add the logout feature

Screencast.from.2021-12-01.03.10.16.PM.mp4

As of now, I've also set the grantMethod to prompt. If a user logs into Cryostat via the OCP login page for the first time, they will see this page before they are redirected to the dashboard. Alternatively, I can set grantMethod: auto to hide this page. (OAuth Grant Options docs)

image

@jan-law jan-law added the feat New feature or request label Nov 4, 2021
@jan-law jan-law mentioned this pull request Dec 1, 2021
Merged
andrewazores
andrewazores reviewed Dec 1, 2021
View reviewed changes
Copy link
Member

@andrewazores andrewazores left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Despite my nitpicking of fine internal details, this looks excellent and I'm really excited to have it in a future release. It will really smooth out the user experience and makes it feel much more polished and well-integrated into the deployment platform.

@jan-law jan-law force-pushed the oauth-redirect branch 4 times, most recently from 91a4a13 to a621150 Compare December 7, 2021 19:59
This was referenced Dec 8, 2021
Closed
Merged
@github-actions github-actions bot removed the dependent label Dec 9, 2021
@github-actions
Copy link
Contributor

github-actions bot commented Dec 9, 2021

🎉 Great news! Looks like all the dependencies have been resolved:

💡 To add or remove a dependency please update this issue/PR description.

Brought to you by Dependent Issues (:robot: ). Happy coding!

@jan-law jan-law marked this pull request as ready for review December 9, 2021 22:58
@andrewazores
Copy link
Member

Awesome, seems to be working great.

One question I have, which is definitely out of the scope of this specific PR, is if we can somehow get the OAuth redirected login page to remember our credentials so that they don't need to be provided every time. Is there some cookie we need to set and send along with the request when we redirect the user to OAuth perhaps?

@jan-law
Copy link
Contributor Author

jan-law commented Dec 10, 2021

Here's what happens if I login a second time. Do you mean to make a different request to the OAuth server if we already have a token to prevent another redirection?
I also believe you'll have to provide your credentials on the container platform login page again once the token expires after 24 hours.

Screencast.from.2021-12-10.11.57.48.AM.mp4 
INFO: (10.129.0.1:42292): POST /api/v2.1/auth 302 74ms
Dec 10, 2021 4:57:51 PM io.cryostat.core.log.Logger info
INFO: (10.129.0.1:42294): GET /health 200 95ms
Dec 10, 2021 4:57:52 PM io.cryostat.core.log.Logger info
INFO: (10.129.0.1:42290): GET /api/v1/grafana_datasource_url 200 1ms
Dec 10, 2021 4:57:52 PM io.cryostat.core.log.Logger info
INFO: (10.129.0.1:42296): GET /api/v1/grafana_dashboard_url 200 2ms
Dec 10, 2021 4:57:52 PM io.cryostat.core.log.Logger info
INFO: (10.129.0.1:42292): GET /api/v1/notifications_url 200 2ms
Dec 10, 2021 4:57:53 PM io.cryostat.core.log.Logger info
INFO: (10.129.0.1:42296): POST /api/v2.1/auth 200 493ms

@andrewazores
Copy link
Member

Hmm. Let me try that again with Chrome. I'm in Firefox and when I tried closing and re-opening the Cryostat tab, or even just F5 refreshing it, I was redirected back to the platform OAuth login page and had to re-enter my credentials. Maybe it's a browser-specific thing, or maybe it's one of my installed add-ons.

@andrewazores
Copy link
Member

Nope, doesn't seem to be browser-specific. Same behaviour in Firefox, Chrome, and ungoogled-chromium. Maybe this is a CRC thing?

@andrewazores
Copy link
Member

oauth-redirect-crc-2021-12-10_12.34.22.mp4

Here's what I see deployed in CRC and using Chrome in this video. The last OAuth login page at the end is from me pressing Ctrl-R.

@jan-law
Copy link
Contributor Author

jan-law commented Dec 10, 2021
edited
Loading

Maybe this is a CRC thing?

Possibly? Firefox and Chrome show the same behavior as what I posted above. Refreshing keeps you logged in.

@andrewazores andrewazores merged commit 2e9ccc4 into cryostatio:main Dec 10, 2021
@jan-law jan-law deleted the oauth-redirect branch December 10, 2021 18:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewazores andrewazores andrewazores approved these changes

Assignees
No one assigned
Labels
feat New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jan-law @andrewazores