salte-auth / salte-auth Goto Github PK
View Code? Open in Web Editor NEW💻🗝 Authentication for the modern web!
License: MIT License
💻🗝 Authentication for the modern web!
License: MIT License
☝️ Greenkeeper’s updated Terms of Service will come into effect on April 6th, 2018.
Branch | Build failing 🚨 |
---|---|
Dependency | nps |
Current Version | 5.7.1 |
Type | devDependency |
This version is covered by your current version range and after updating it in your project the build failed.
nps is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
<a name"5.8.0">
The new version differs by 8 commits.
b5769c9
chore(release): fix release issues
85b89b9
docs: removed codeSponsor (#166)
9338d72
feat: add help style support (#164)
fc7e660
docs(maintaining): update maintaining.md
23a7c43
docs: Utils documentation fix (#163)
a4ce471
test: Use jest mock instead of sinon spy (#162)
49a56a2
docs: add sponsor.io
f1568e8
chore(package): Bump dev deps (#161)
See the full diff
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
Branch | Build failing 🚨 |
---|---|
Dependency | uuid |
Current Version | 3.1.0 |
Type | devDependency |
This version is covered by your current version range and after updating it in your project the build failed.
uuid is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
The new version differs by 14 commits.
c0d44fd
Publish v3.2.0 (#240)
eaa9f4e
Use standard-version for release (#246)
67d697c
Fix #248 (#251)
1fef18b
fix: use msCrypto if available. Fixes #241 (#247)
815daa3
eslint (#224)
bba9402
eslint (#219)
0ea33e6
use typeof to check for crypto rather than global. Fixes #185 (#221)
c1f720d
Defer random initialization of node and clockseq. Fixes #189 (#220)
dc02a76
UUID v3 Support (#217)
72fbabb
Corrected version from v4->v5 in README_js.md (#215)
962c80a
Use runmd to build README (#204)
e2389b3
Fix parentheses typo in README.md (#203)
880d24e
Update README.md (#208)
8e23981
Fix buffer not being modified (uuid v5) (#201)
See the full diff
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
node-uuid
doesn't support being pulled in via a <script>
tag, so we need to compile it with our code.
Branch | Build failing 🚨 |
---|---|
Dependency | coveralls |
Current Version | 2.11.16 |
Type | devDependency |
This version is covered by your current version range and after updating it in your project the build failed.
As coveralls is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.
I recommend you give this issue a high priority. I’m sure you can resolve this 💪
Adds branch coverage data to Coveralls API post.
There is a collection of frequently asked questions and of course you may always ask my humans.
Your Greenkeeper Bot 🌴
Replace window-level bindings with class properties
This seems to be linked to how we're opening the new tab.
salte-auth
isn't recognizing it as a window owned by us.
This is due to us having to name the window _blank
in order to initiate a new tab rather then a popup.
The new tab closes after we're redirected to our site.
The new tab stays open after redirecting.
https://glitch.com/edit/#!/remix/salte-auth-demo
☝️ Greenkeeper’s updated Terms of Service will come into effect on April 6th, 2018.
Branch | Build failing 🚨 |
---|---|
Dependency | babel-loader |
Current Version | 7.1.3 |
Type | devDependency |
This version is covered by your current version range and after updating it in your project the build failed.
babel-loader is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
By default, this component uses sessionStorage to store state information. However, it will also allow the consuming application to specify that localStorage be used instead by passing the following key/value pair to the init function: cacheLocation: 'localStorage'. This capability should be made more prominent by adding it to the documentation at the top of salte-auth.js.
The callback timeout is currently hard-coded to 6 seconds, which may not be long enough depending upon the performance of the token provider being used, network latency issues, etc. As a result, we will expose this through the config object so the consumer can provide their own timeout value. If not provided we will default the value to 6 seconds.
Most browsers don't support opening a popup without a user event.
The browser opens a popup.
The browser doesn't open a popup.
https://salte-auth-144.glitch.me
When running yarn run tdd
the command will fail when any files are changed.
AngularJS 1.6 changed the default hashPrefix value to the bang symbol. As a result, we had to expose the hashPrefix through the configuration object to enable the consuming application to provide it.
You are currently required to list the API endpoints that require authentication to a list of endpoints in the configuration. This, in turn, results in the component making a round-trip to the identity provider the first time each of the API endpoints listed is called. This needs to be enhanced so that any API calls not explicitly listed in the endpoints list or a new anonymous list are enriched with a shared access_token.
When you attempt to login to renew your access token on an IDP that doesn't support iFrames the request never resolves.
salte.auth.login().catch((error) => {
console.log(error);
/*
* {
* code: 'login_iframe_blocked',
* description: 'The identity provider is blocking login requests via iFrames.'
* }
*/
});
salte.auth.login().catch((error) => {
// The login promise falls into limbo as theres no way for it to resolve
});
Convert salte-auth
to ES6
I'm trying to use the latest 2.x version of SalteAuth with Angular. Calling loginWithRedirect with all routes secure returns the invalid_state error code "State provided by identity provider did not match local state."
Debugging SalteAuth I found the following occurs in this order:
SalteAuth.loginWithRedirect only calls loginWithRedirect internally and passes the correct state
SalteAuth.loginWithRedirect passes the wrong state due to both loginWithRedirect and loginWithIframe being called internally
this.auth = new SalteAuth({
provider: 'wso2',
clientId: authConfig.clientId,
providerUrl: authConfig.provider,
responseType: 'id_token token',
redirectUrl: location.origin + '/authorize',
redirectLoginCallback: this.handleRedirect.bind(this),
scope: 'openid',
routes: true,
endpoints: ['/api'],
});
Simplify the code by replacing the wheel reinventing _guid
function with node-uuid.
The tests should be run via Sauce Labs on the following browsers:
This issue is here to facilitate discussion regarding the structure of the API for 2.0
/**
* Authenticates using the iframe-based OAuth flow.
* @return {Promise} a promise that resolves when we finish authenticating
*/
salte.auth.signInWithIframe();
/**
* Authenticates using the popup-based OAuth flow.
* @return {Promise} a promise that resolves when we finish authenticating
*/
salte.auth.signInWithPopup();
/**
* Authenticates using the redirect-based OAuth flow.
*/
salte.auth.signInWithRedirect();
/**
* Unauthenticates using the iframe-based OAuth flow.
* @return {Promise} a promise that resolves when we finish deauthenticating
*/
salte.auth.signOutWithIframe();
/**
* Unauthenticates using the popup-based OAuth flow.
* @return {Promise} a promise that resolves when we finish deauthenticating
*/
salte.auth.signOutWithPopup();
/**
* Unauthenticates using the redirect-based OAuth flow.
*/
salte.auth.signOutWithRedirect();
/**
* Whether the user is currently authenticated
*/
salte.auth.profile.authenticated;
/**
* The date and time that the access token will expire in unix time
*/
salte.auth.profile.expiration;
/**
* The url that we will redirect to when signInWithRedirect is used
*/
salte.auth.profile.redirectUrl;
We have no intention of support IE9 or below, therefore polyfilling the atob function is unnecessary.
Branch | Build failing 🚨 |
---|---|
Dependency | sinon |
Current Version | 4.1.4 |
Type | devDependency |
This version is covered by your current version range and after updating it in your project the build failed.
sinon is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
This release fixes an issue, where the server type from useFakeServer
is unexpected (#1534)
The new version differs by 6 commits.
706ac9e
Update docs/changelog.md and set new release id in docs/_config.yml
dd9c75c
4.1.5
81fb949
Update History.md and AUTHORS for new release
ec2496d
Run mochify with --allow-chrome-as-root on travis
bb5529b
Use nise.fakeServer as the sandbox serverPrototype
ef81c37
Update package-lock.json
See the full diff
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
Add support for Okta's Identity Provider.
Research the feasibility and implications of preventing the web-based application's session from timing out. This could be useful while an application is under development or allows the user to manage large client-side updates before invoking server-side code. If the latter applies than it is assumed that the application is running in a secured environment where the display device has a timeout and lock-screen of its own.
Branch | Build failing 🚨 |
---|---|
Dependency | yargs |
Current Version | 10.1.0 |
Type | devDependency |
This version is covered by your current version range and after updating it in your project the build failed.
yargs is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
The new version differs by 4 commits.
232f9ca
chore(release): 10.1.1
e87f487
docs: fix middlware docs (#1037)
331d103
fix: Add dirname
sanity check on findUp
(#1036)
0942a15
chore: use chai 4.x (#1033)
See the full diff
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
☝️ Greenkeeper’s updated Terms of Service will come into effect on April 6th, 2018.
Branch | Build failing 🚨 |
---|---|
Dependency | webpack |
Current Version | 4.0.0 |
Type | devDependency |
This version is covered by your current version range and after updating it in your project the build failed.
webpack is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
version
property to webpack exportsimport()
with CJS now gives correct exportsThe new version differs by 8 commits.
5044762
4.0.1
7fd5c6f
Merge pull request #6585 from webpack/bugfix/bailout-messages
8e592bf
Merge pull request #6575 from nveenjain/addVersion
e7aba18
fix incorrect optimization bailout messages
9f9c3d1
Merge pull request #6583 from webpack/bugfix/import-cjs
8bf1574
CJS fake namespace object contains exports now
d50fa68
add newlines
05174ae
Added version to webpack's export property
See the full diff
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
Branch | Build failing 🚨 |
---|---|
Dependency | babel-core |
Current Version | 6.24.0 |
Type | devDependency |
This version is covered by your current version range and after updating it in your project the build failed.
As babel-core is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.
I recommend you give this issue a high priority. I’m sure you can resolve this 💪
There is a collection of frequently asked questions and of course you may always ask my humans.
Your Greenkeeper Bot 🌴
Sometimes users want to know when salte-auth
fires off a login
or logout
event.
This should be facilitated via a new listeners
api.
/**
* Listens for an event to be invoked.
* @param {('login'|'logout')} eventType the event to listen for.
* @param {Function} callback A callback that fires when the specified event occurs.
*/
salte.auth.on(eventType, callback);
/**
* Deregister a callback previously registered.
* @param {('login'|'logout')} eventType the event to deregister.
* @param {Function} callback A callback that fires when the specified event occurs.
*/
salte.auth.off(eventType, callback);
This was originally forked from the Azure Active Directory Authentication Library but has been dramatically revamped to support additional OpenID Connect and OAuth 2.0 Identity providers (as well as continuing to support AADAL). Even so, the usage instructions will be very much the same with a few minor tweaks.
Branch | Build failing 🚨 |
---|---|
Dependency | mocha |
Current Version | 4.0.1 |
Type | devDependency |
This version is covered by your current version range and after updating it in your project the build failed.
mocha is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
This is mainly a "housekeeping" release.
Welcome @Bamieh and @xxczaki to the team!
progress
reporter now accepts reporter options (@canoztokmak)xit
in bdd
interface now properly returns its Test
object (@Bamieh)--help
will now help you even if you have a mocha.opts
(@Zarel)--no-diff
flag will completely disable diff output (@CapacitorSet)docs/
(@boneskull)The new version differs by 409 commits.
6b9ddc6
Release v4.1.0
3c4b116
update CHANGELOG for v4.1.0
5be22b2
options.reporterOptions
are used for progress reporter
ea96b18
add .fossaignore [ci skip]
adc67fd
Revert "[ImgBot] optimizes images (#3175)"
ae3712c
[ImgBot] optimizes images (#3175)
33db6b1
Use x64 node on appveyor
4a6e095
Run appveyor tests on x64 platform. Might enable sharp installation
3abed9b
Lint netlify-headers script
119543e
Add preconnect for doubleclick domain that google analytics results in contacting
bd5109e
Remove crossorigin='anonymous' from preconnect hints. Only needed for fonts, xhr and es module loads
123ee4f
Handle the case where all avatars are already loaded at the time when the script exexecutes
64deadc
Specific value for inlining htmlimages to guarantee logo is inlined
8f1ded4
https urls where possible
d5a5125
Be explicit about styling of screenshot images
There are 250 commits in total.
See the full diff
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
OAuth 2.0 validation information needs to be passed to the forgotPassword url, as such trying to implement this on the end-developer side is a bit difficult.
Instead we should implement a function that either generates a forgotPassword url if it can or it throws an error saying it isn't support for the given provider.
https://some-user-pool.auth.us-east-1.amazoncognito.com/forgotPassword?state=cb9bb075-58c8-4c71-93ff-f605baa913fe&nonce=1d0c3f15-2e89-4dd2-a1e7-92ccee7734f3&response_type=token&redirect_uri=<my-redirect-uri>&client_id=<my-client-id>&scope=openid
Branch | Build failing 🚨 |
---|---|
Dependency | webpack |
Current Version | 3.0.0 |
Type | devDependency |
This version is covered by your current version range and after updating it in your project the build failed.
As webpack is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.
I recommend you give this issue a high priority. I’m sure you can resolve this 💪
this
in a IIFEcacheWithContext: false
by default when it's safesortModules
to Chunk
which is required in extract-text-plugin to support webpack 3!
with truthy webpack identifier will evaluate correctlyThe new version differs by 95 commits.
4bb3018
3.1.0
7e757cd
Merge pull request #5194 from webpack/feature/hoist_regex_literals
2879fb3
Merge pull request #5225 from hulkish/feature/added-chunk-sortModules-method
5f08aa4
removed default params for node 4
cadf9f7
added sortModules method to Chunk class
70b7d2f
fix(sp): spelling mistake in const name
0ab36c4
Merge pull request #5196 from AndersDJohnson/multi-compiler-functions
2eccb19
Merge pull request #5081 from KTruong888/4099_es6_refactor_lib_hot_module_replacement_plugin
e365b2e
Merge pull request #5210 from ematipico/master
7913789
Merge pull request #5220 from liuyuanyangscript/master
15becbd
README.md bugfix
2ccc1fd
Changed statement 'var' to 'const'
a589a6c
Merge pull request #5183 from kahwee/patch-1
c2fa5d4
feat(perf): remove unneded regexp escape
987a9f3
feat(perf): hoist final regexp
There are 95 commits in total.
See the full diff
There is a collection of frequently asked questions and of course you may always ask my humans.
Your Greenkeeper Bot 🌴
Convert tests to use Mocha and Chai.
WSO2's implementation if the id_token flow sends the ID token back as a query parameter instead of a URL fragment. This is not in alignment with the OpenID Connect specification and is generally considered to be a bad practice because of security concerns. As a result, we need to force the user to explicitly state that they want this behavior to be enabled.
Callback doesn't get executed when logging in with a popup via salte-auth-angular
.
Callback gets executed when logging in with a popup via salte-auth-angular
.
Callback doesn't get executed when logging in with a popup via salte-auth-angular
.
Certain tests will fail when executed on their own and pass when executed with others.
latest
branch.npmrc
semantic-release
13+If you use the fetch api with the URL / Request object then the request fails.
The request succeeds.
The request fails.
Branch | Build failing 🚨 |
---|---|
Dependency | html-loader |
Current Version | 0.5.4 |
Type | devDependency |
This version is covered by your current version range and after updating it in your project the build failed.
html-loader is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
The new version differs by 3 commits.
27026d2
chore(release): 0.5.5
9515410
fix(index): don't prepend ./
to the URL on interpolate=require
(options.interpolate
) (#165)
5af6884
docs(CHANGELOG): rm redundant entries
See the full diff
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
Authorizing against a multi-tenant instance of WSO2 Identity Server requires the tenant domain that the user wishes to authenticate against to be passed as a query parameter called "tenantDomain."
☝️ Greenkeeper’s updated Terms of Service will come into effect on April 6th, 2018.
Branch | Build failing 🚨 |
---|---|
Dependency | karma-webpack |
Current Version | 2.0.9 |
Type | devDependency |
This version is covered by your current version range and after updating it in your project the build failed.
karma-webpack is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
Currently we support logging in via a popup, iframe, and redirect.
However we do not have an option to explicitly login via a new tab.
/**
* Authenticates using the new-tab-based OAuth flow.
* @return {Promise} a promise that resolves when we finish authenticating
*/
salte.auth.loginWithNewTab();
/**
* Authenticates using the new-tab-based OAuth flow.
* @return {Promise} a promise that resolves when we finish authenticating
*/
salte.auth.logoutWithNewTab();
Branch | Build failing 🚨 |
---|---|
Dependency | webpack-dev-server |
Current Version | 2.10.0 |
Type | devDependency |
This version is covered by your current version range and after updating it in your project the build failed.
webpack-dev-server is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
Currently salte-auth
utilizes callbacks to let the user know
when a request is done. Instead we should use Promises.
Rather then utilizing route change functionality within various
frameworks we should implement a central set of functionality
within salte-auth
.
Currently having salte-auth
be a singleton is forcing users to utilize it in a certain way.
By revoking its singleton status we put the control in the hands of the developers.
EDIT (April 8th, 2019)
Effectively this was making it impossible to create multiple instances of SalteAuth
since it would reference the global version of giving the user a new instance.
While this functionality has been removed in v3.0.0 it also isn't entirely relevant anymore since users can register multiple providers.
This a followup to #135. This is a very similar issue.
I'm getting a state mismatch error and an additional authorize call to get the access token during a loginWithRedirect call.
This is due to having all routes secure and $onRouteChanged being triggered on the initial route
loginWithRedirect returns no state mismatch error and makes no extra authorize calls during the login process
loginWithRedirect returns a state mismatch error during the login process and makes an extra authorize call
Don't authenticate a secure route during a login. I will open a PR with a proposed solution to resolve this issue.
AngularJS 1.6.0+ prefixes the callback URL with a hash/bang combination with no trailing slash between the hash/bang and the fragment sent back with the access token (e.g. #!#access_token=...). Some identity providers support including the hash/bang in the callback URL and then they exclude the hash from the fragment. Other identity providers support including the hash/bang in the callback URL but still include the hash in the fragment. The bottom line is that there are a lot of Identity provider inconsistencies in handling the fragment-portion of the URL and its relationship to other hashes that might be included in the callback URL or added by the front-end JavaScript framework prior to an interceptor parsing it. As a result, we need to be much more flexible in our approach to parsing the fragment sent back from the identity provider.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.