authwave / php-client Goto Github PK

Currently client code does not know when a user logs in for the first time, only that they are or are not logged in.

The provider needs to know that a log out has occurred, so that the provider and application state are in sync.

It's really useful to be able to make a quick login while on development, but it doesn't necessarily need to perform the whole authentication on a remote provider.

It would be useful to be able to perform a fake login that only works on localhost by default.

This has caught me out more than once while building Authwave. I see currentPath, so I provide it with $this->server->getRequestUri(), but the provider actually requires the host too, to load the correct settings on the provider's database. This could be fixed by changing the name of the parameter to indicate that the full path with host is required, but would be cleaner to provide it as two parameters.

It will make it easier to work with, especially when deconstructing query string parts.

Currently after login completes, the provider will always return to the current URI. Add a new function to Authenticator, such as setReturnUri(string $uri).

When logging in, the provider should know how long the user should remain logged in for before being automatically logged out.

Authwave's provider will redirect back to the provided "currentUri" value after a successful authentication. The current path is transferred to the provider within the path query string, uri-encoded. It is a safe assumption that the current uri contains its own query string, and this is a good opportunity to strengthen some edge-case tests.

Work will need to be done in this repository and the Authwave/provider to allow redirecting to localhost or similar local hostname, without having to hardcode values or change settings within the provider itself.

Initial idea: create a development client key within the provider which will use a preconfigured host, or even the referer header.

RedirectHandler should construct with a nullable callback function. If it's not supplied, then continue using the header() call by default, otherwise call the callback.

This will allow passing in the Gt\Http\Response's redirect function, like this:

new Authenticator(
	$this->config->getString("authwave.api_key"),
	$serverInfo->getRequestUri(),
	$this->config->getString("authwave.host"),
	$awSession,
	$response->redirect(...),
);