Comments (11)
Rely on the SaaS response before logging in
@zackkatz on this, we're going to silently fail the auto log in if no response from SaaS then right?
from client.
@inztinkt Yep.
from client.
@zackkatz for the data we send to SaaS, if we send too much we could be seen as 'spying' on users. I think we can get away with sending the $identifier string and $_SERVER array. Thoughts?
from client.
The only user it’s “spying” on is the support person. I don’t see this as a problem. @trustedlogin/core Shawn, I’d appreciate your thoughts.
from client.
Totally agree, but may get flagged by folks reviewing/checking plugin code that use TL Client. So wanted to confirm.
from client.
I just remembered we are okay on that because the user will have clicked a button to initiate access granting.
from client.
Makes sense to me. Just waiting on the endpoint at SaaS to send this to :)
from client.
ENDPOINT: /accounts/{accountId}/login-request
AUTHENTICATION: Add the Public Key as the Bearer token
Requires an accessKey in the request body:
{
"accessKey": {{access_key}}
}
I thought about putting the access key in the URL itself, but worried about there being access keys that contain a space? Could break. So used request body instead.
Does that work for you?
//cc @zackkatz
from client.
@shawnhooper Should we have an /activity endpoint rather than a specific /login-request endpoint?
We could do something like:
{
"accessKey": {{access_key}},
"activity": "login-request"
}
Does that make any sense? I'm not sure.
from client.
AccessKeyChecks::check_validity( $identifier ) pings <api>/verify-identifier with the following info in the body:
array(
'identifier' => $identifier,
'timestamp' => time(),
'user_agent' => $_SERVER['HTTP_USER_AGENT'],
'user_ip' => $_SERVER['REMOTE_ADDR'],
);
@shawnhooper @zackkatz let me know if anything needs to be changed.
from client.
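The fail-closed behaviour agreed in this thread (no SaaS response means no automatic login), combined with the request body from the last comment, as an added example that is not TrustedLogin's own code. The function names, the injected `$transport` callable, the `https://saas.example` base URL and the rule that only an HTTP 200 counts as valid are assumptions.

```php
<?php
// Added example, not TrustedLogin's code. All tl_example_* names, the
// $transport callable and the "HTTP 200 means valid" rule are assumptions.

/**
 * Build the body described in the thread. Only the four listed fields are
 * read, so the rest of $_SERVER never leaves the site.
 */
function tl_example_build_body(string $identifier, array $server): array
{
    return array(
        'identifier' => $identifier,
        'timestamp'  => time(),
        'user_agent' => isset($server['HTTP_USER_AGENT']) ? (string) $server['HTTP_USER_AGENT'] : '',
        'user_ip'    => isset($server['REMOTE_ADDR']) ? (string) $server['REMOTE_ADDR'] : '',
    );
}

/**
 * Fail closed: return true only when the SaaS explicitly answers 200.
 * $transport is a hypothetical callable( string $url, array $body ) that
 * returns array( 'code' => int ) or throws on timeout / network error.
 */
function tl_example_may_log_in(string $identifier, array $server, string $api_base, callable $transport): bool
{
    if ('' === $identifier) {
        return false;
    }
    $url = rtrim($api_base, '/') . '/verify-identifier';
    try {
        $response = $transport($url, tl_example_build_body($identifier, $server));
    } catch (Throwable $e) {
        return false; // no response from SaaS: silently skip the auto login
    }
    return is_array($response) && isset($response['code']) && 200 === $response['code'];
}

// Constructed sample input and stub transports, so this runs without a network.
$server  = array('HTTP_USER_AGENT' => 'ExampleAgent/1.0', 'REMOTE_ADDR' => '203.0.113.7');
$ok      = function (string $url, array $body): array { return array('code' => 200); };
$denied  = function (string $url, array $body): array { return array('code' => 403); };
$timeout = function (string $url, array $body): array { throw new RuntimeException('timed out'); };

foreach (array('ok' => $ok, 'denied' => $denied, 'timeout' => $timeout) as $name => $transport) {
    $allowed = tl_example_may_log_in('constructed-identifier', $server, 'https://saas.example', $transport);
    echo $name, ': ', $allowed ? 'log in' : 'skip', PHP_EOL;
}
```

In a WordPress plugin the stub would be replaced by a wrapper around the site's HTTP client with a short timeout; any outcome other than an explicit success falls through to the same `false`.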