navzam / token-store-multi-service-sample
Sample web app that uses Token Store to manage access tokens to multiple external services
In the OnGetAsync() of the PostLogin page, the call to Token Vault's /save endpoint should be pulled out into its own method.
Currently the ARM template uses one AAD app registration for both authentication into the app and authorization against Graph. This won't work because they need different redirect URLs. Logging into the app needs to redirect directly to the app, while auth against Graph is handled by Token Vault and needs to redirect to a Token Vault URL.
The easy solution would be to require two AAD app registrations, but that would make the sample confusing and developers will wonder why they have to register two apps.
On the Index page, the login URLs for the external services have PostLoginRedirectUrls that are hardcoded to localhost for local development. This will cause issues when deployed to Azure.
We need an ARM template that includes the Token Vault (and sub-resources), Web App (and managed identity), and any other Azure resources required for the sample.
Currently we store the token name in session at the end of the Index page handler. But if there is a long period of time before the user clicks on a login URL, then the session may expire, causing the post-login redirect flow (which checks that session data) to fail.
It might be better to store the session data when the user actually clicks on a login URL.
There is a Login page, which is used to trigger the initial auth flow into the app. There is also a PostLogin page, which is the redirect page after the user connects to a service. These are two separate auth flows, so the page names are confusing.
Currently we make a GET request to /services/{service-id}/tokens/{token-id} whenever we need the access token. This is intended to get metadata for the token resource, not the actual access token, so it doesn't refresh expired access tokens.
Instead we should make a POST request to the same endpoint, or switch to the /accessToken endpoint.
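The following client is an added example, not code from this sample, showing the change the issue above describes: calling the token endpoint with POST so that Token Vault returns an access token that is usable now, instead of GET, which only returns the token resource's metadata and never refreshes an expired token. The vault base URL, the AAD scope used to authenticate to the vault with the Web App's managed identity, the absence of a request body, and the response shape (a value object with accessToken and expiry properties) are assumptions about the API contract, not facts taken from the page.

```csharp
// Added example, not code from the sample repo. Assumed: the vault base URL and the
// AAD scope used to authenticate to it come from configuration, the POST needs no body,
// and the response is JSON with value.accessToken and value.expiry (ISO 8601) properties.
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public sealed class TokenVaultClient
{
    private readonly HttpClient _http;
    private readonly TokenCredential _credential;
    private readonly string _vaultUrl;
    private readonly string _vaultScope;

    public TokenVaultClient(HttpClient http, string vaultUrl, string vaultScope)
    {
        _http = http ?? throw new ArgumentNullException(nameof(http));
        _vaultUrl = vaultUrl.TrimEnd('/');
        _vaultScope = vaultScope;
        // DefaultAzureCredential uses the Web App's managed identity when deployed and
        // developer credentials (Azure CLI, Visual Studio) when running locally.
        _credential = new DefaultAzureCredential();
    }

    // GET .../tokens/{name} returns the token resource's metadata and does not refresh an
    // expired access token; POST to the same path asks Token Vault for a token usable now.
    public async Task<string> GetAccessTokenAsync(string serviceId, string tokenName, CancellationToken ct = default)
    {
        var bearer = await _credential.GetTokenAsync(new TokenRequestContext(new[] { _vaultScope }), ct);

        var path = $"{_vaultUrl}/services/{Uri.EscapeDataString(serviceId)}/tokens/{Uri.EscapeDataString(tokenName)}";
        using var request = new HttpRequestMessage(HttpMethod.Post, path);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", bearer.Token);

        using var response = await _http.SendAsync(request, ct);
        if (!response.IsSuccessStatusCode)
        {
            // Report the status only; the body of a failed call may still echo token material.
            throw new HttpRequestException($"Token Vault returned {(int)response.StatusCode} for service '{serviceId}'");
        }

        using var doc = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
        var value = doc.RootElement.GetProperty("value");
        var accessToken = value.GetProperty("accessToken").GetString();
        if (string.IsNullOrEmpty(accessToken))
            throw new InvalidOperationException("Token Vault response did not contain an access token");

        // Defensive check: refuse to hand back a token the service itself reports as expired.
        if (value.TryGetProperty("expiry", out var expiry)
            && DateTimeOffset.TryParse(expiry.GetString(), out var expiresAt)
            && expiresAt <= DateTimeOffset.UtcNow)
        {
            throw new InvalidOperationException($"Token for service '{serviceId}' is expired");
        }

        return accessToken;
    }
}
```

Two practitioner notes: the access token is returned to the caller and never written to a log or exception message, and the expiry check is a belt-and-braces measure, since the point of the POST is that Token Vault refreshes the token before returning it.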
In the README, we need instructions on how to run the sample, including any resources that need to be deployed and environment variables that need to be set.
Currently the sample uses Token Vault's oauth2generic provider to support the AAD v2 auth flow. If Token Vault includes an AAD v2 managed provider in the future, the sample should use that instead.
In the README, we need an explanation of the purpose of the sample and how it works.
The models for TokenVaultToken and related classes were autogenerated, so they're pretty crude. Clean these up.
Currently there is no way to sign out from the app. There should be a way to sign out so that you can sign back in using a different account.
Currently there is no way to disconnect from AAD/Dropbox after connecting to them. There should be a way to disconnect so that the app no longer associates your account with those services.
The Razor pages for Login and PostLogin are never shown. Both pages redirect to other pages, so having .cshtml files for them doesn't make sense.
After creating the ARM template, it'd be great to have a one-click "Deploy to Azure" button in the README that will deploy the required resources to the user's Azure subscription.
Currently for the token name, we use the user's object identifier, which is universal in AAD. It might be better to use the name identifier, which is unique for a specific AAD application. This isn't possible yet because the name identifier may contain characters (such as underscores) that Token Vault does not allow in the token name.
Update the repo name, README, and any code references to "Token Vault" if the service is renamed.
If the user does not accept the "Use this space to summarize your privacy and cookie use policy. Learn More." banner on the main page, logging into either of the services results in an Error page.
Error.
An error occurred while processing your request.
Request ID: 8000001c-0000-e900-b63f-84710c7967bb
Development Mode
Swapping to the Development environment displays detailed information about the error that occurred. The Development environment shouldn't be enabled for deployed applications. It can result in displaying sensitive information from exceptions to end users. For local debugging, enable the Development environment by setting the ASPNETCORE_ENVIRONMENT environment variable to Development and restarting the app.
Proposed solution: Detect whether the user has accepted, and don't let them connect accounts until they accept
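The handler below is an added example, not code from this sample, that shows one way to implement three of the Index-page changes raised in the issues above: refusing to start a connect flow until the cookie banner has been accepted (the proposed solution to the Error page), writing the token name to session at click time rather than when the Index page is rendered (the session-expiry issue), and building PostLoginRedirectUrl from the deployed host instead of a hardcoded localhost. The handler name Connect, the session key TokenName, the configuration keys App:BaseUrl and TokenVault:LoginBaseUrl, and the shape of the Token Vault login URL are assumptions; the object identifier claim type is the standard AAD one.

```csharp
// Added example, not code from the sample repo. Assumed: handler name "Connect",
// session key "TokenName", configuration keys "App:BaseUrl" and "TokenVault:LoginBaseUrl",
// and the login URL shape "<login-base>/services/{serviceId}/login?PostLoginRedirectUrl=...".
using System;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Features;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using Microsoft.AspNetCore.WebUtilities;
using Microsoft.Extensions.Configuration;

public class IndexModel : PageModel
{
    private const string ObjectIdClaim = "http://schemas.microsoft.com/identity/claims/objectidentifier";
    private const string TokenNameSessionKey = "TokenName";

    private readonly IConfiguration _config;

    public IndexModel(IConfiguration config) => _config = config;

    // Set via ?consentRequired=true so the page can tell the user why the connect was refused.
    [BindProperty(SupportsGet = true)]
    public bool ConsentRequired { get; set; }

    // Rendering the Index page no longer touches session; nothing is stored until the user clicks.
    public void OnGet() { }

    // GET /Index?handler=Connect&serviceId=dropbox  (assumed route)
    public IActionResult OnGetConnect(string serviceId)
    {
        if (string.IsNullOrWhiteSpace(serviceId))
            return BadRequest();

        // 1. Without consent the non-essential session cookie is never written, so the
        //    post-login page could not find the token name and would fail with the Error page.
        var consent = HttpContext.Features.Get<ITrackingConsentFeature>();
        if (consent != null && !consent.CanTrack)
            return RedirectToPage("/Index", new { consentRequired = true });

        // 2. Store the token name at click time so a long pause before the click cannot
        //    leave the post-login redirect with an expired session.
        var tokenName = User.FindFirst(ObjectIdClaim)?.Value;
        if (string.IsNullOrEmpty(tokenName))
            return Challenge(); // not signed in to the app yet; run the app login flow first
        HttpContext.Session.SetString(TokenNameSessionKey, tokenName);

        // 3. Derive the post-login redirect from configuration (preferred) or from the
        //    current request, never from a hardcoded localhost.
        var baseUrl = _config["App:BaseUrl"] ?? $"{Request.Scheme}://{Request.Host}";
        var postLoginRedirectUrl = $"{baseUrl.TrimEnd('/')}/PostLogin?serviceId={Uri.EscapeDataString(serviceId)}";

        var loginBase = _config["TokenVault:LoginBaseUrl"]
            ?? throw new InvalidOperationException("TokenVault:LoginBaseUrl is not configured");
        var loginUrl = QueryHelpers.AddQueryString(
            $"{loginBase.TrimEnd('/')}/services/{Uri.EscapeDataString(serviceId)}/login",
            "PostLoginRedirectUrl", postLoginRedirectUrl);

        return Redirect(loginUrl);
    }
}
```

Two caveats for anyone adopting this: the fallback to Request.Scheme and Request.Host is only trustworthy when the app runs behind a proxy that sets forwarded headers and the app has ForwardedHeaders configured, otherwise a client-supplied Host header ends up in the redirect URL, which is why a configured App:BaseUrl is preferred; and if the session cookie is instead marked essential (Cookie.IsEssential = true in AddSession), it is written regardless of consent and the Error page goes away without the consent gate, but the explicit check still gives the user a clear message rather than a silent failure.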