vencax / netlify-cms-github-oauth-provider Goto Github PK
View Code? Open in Web Editor NEWnetlify oauth github client sending token in form as netlify service itself
netlify oauth github client sending token in form as netlify service itself
Hi there. I have managed to make everything works (window popups, you are able to authorise github, the OAuth app in github "gets" the new user) BUT eventually the popup window doesn't close and it's just blank...
Well, actually it contains just
<script>
(function() {
function receiveMessage(e) {
console.log("receiveMessage %o", e)
// send message to main window with da app
window.opener.postMessage(
'authorization:github:success:{"token":"5b95156e2667db763606e3647d48968054716001","provider":"github"}',
e.origin
)
}
window.addEventListener("message", receiveMessage, false)
// Start handshare with parent
console.log(window.opener)
console.log("Sending message: %o", "github")
window.opener.postMessage("authorizing:github", "*")
})()
</script>
I believe that for a reason the popup cannot postmessage to the parent window (where netlifycms /admin/#/ is) and vice versa...
Any ideas will be more than welcome. Thanks in advance!
I forked your app and replaced app.listen with module.exports = app and in my main app, I used app.use to mount it. that all works.
When I do app.use("/netlify",varReferingToNetlifyAuthProv)
(and set backend.base_url and oath Authorization callback URL acordingly)
it gets stuck at /netlify/callback?code=&state= but when I do app.use without a mount path (and set backend.base_url and oath Authorization callback URL acordingly) it goes to /callback?code=&state= and the window closes and netlify sucessfully loges in.
Github fork: https://github.com/tumblenet/netlify-cms-github-oauth-provider
API Server code: https://github.com/tumblenet/api.tumblenet.ga
static website with the cms: https://github.com/tumblenet/go.tumblenet.cu.cc
I'm trying to set a netlify oauth by running your server.
I've created the oauth in github, and set credential and secret on the server, with localhost:8080 as origin.
I then added the server as the backend of my cms configuration on the frontend app.
I can then login through github from the admin panel, but the callback just show an authentication error due to the following error: invalid state key.
I can't understand exactly what's the error and if i'm missing something
Can i deploy this script to firebase free plan?
Does this support GitHub Enterprise using a SAML service provider such as Okta?
Have you considered supporting other Oauth providers/backends like GitLab?
I understand that this gives this app too much rights, with the scope "user,repo": write access on all the user information and all its repositories.
Is there a way to limit to write access on a specific repository?
Hi!
I was inspired by js code, and I created my implementation on Go.
See netlify-cms-oauth-provider-go
Maybe it's interesting to someone.
Index.js callback: callbackMiddleWareInit(oauth2) missing second parameter oauthProvider
add oauthProvider works.
callback: callbackMiddleWareInit(oauth2, oauthProvider),
Please this is the challenge i am having with netlify, Authentication Error
Authenticating failed due to the following error: Invalid state key.
Hi all!
Could someone help me to set up this provider to work locally?
Here are my .env settings:
NODE_ENV=production
ORIGINS= // what can I specify here for localhost?
OAUTH_CLIENT_ID=GITHUB_CLIENT_ID
OAUTH_CLIENT_SECRET=GITHUB_SECRET
PORT=3001
AUTH_TARGET=_blank
I am trying to use this code, I have successfully set up an app at Github and deployed this provider, I see login with GitHub, I have signed in using Github, but I could not log in to Netlify CMS, every time I click on login with Github it's just opening a blank page for me.
I am looking for something that will let me change the Login service in my Netlify-CMS admin panel.
For now, it is connected to self-hosted GitLab repo (no Netlify service integration, just Netlify CMS) and by default - it requires GitLab account to log in to admin.
Can I change it to Azure accounts (that would be given permissions to this gitlab repo, somehow?)
I would just like to know whether there are any security risks involved, since my oauthprovider server can still be accessed with any browser and get a oath token? Wouldn't it be ideal to check from where the request is coming and then give it access or deny the request? In this case the only allowed it when I get a request from my domain and deny other domains?
Sorry I'm completely new to this.
If this is a concern, I wouldn't mind adding it to the project.
Having the same problem. I still get the error, that the window.opener is null. It makes sense that it is null, after the redirect to github and back over the callback url. So how is that supposed to work?
Originally posted by @Tobilo in #14 (comment)
Hi ๐ I can confirm that this works well with github!
Unfortunately, I need to use it with Bitbucket Server
(originally Stash
)
I tried to rewrite this app, but without success...๐
I can do only Incoming link: https://confluence.atlassian.com/bitbucketserver0721/configure-an-incoming-link-1115666707.html?utm_campaign=in-app-help&utm_medium=in-app-help&utm_source=stash
Does anyone ever manage to connect it properly?
Or willing to assist me please?
I would like to use the same instance of this auth provider to authenticate into netlify-cms for multiple websites. Can the Origin variable be a regex that allows multiple domains?
For this kind of secret I usually create a setup_env.sh
and setup_env.example.sh
then .gitignore
the non-example version. This way secrets don't end up committed to repositories.
My heroku logs show this:
Insecure ORIGIN pattern used. This can give unauthorized users access to your repository.
Will not run without a safe ORIGIN pattern in production.
Process exited with status 0
tate changed from starting to crashed
What's the fix?
I am using this project for doing Github Authentication through my own server. I have integrated the Netflify-CMS to my React-App. Once auser is logged into the React-App, he/she needs to do a separate login into Github Account again to access Netlify-CMS. I am looking for solution that moves the Github login process to backend API/ netlify-cms-github-oauth-provider code where we can store username/password of github account and there itself we perform the login and upon success, it redirects to Netlify-CMS UI directly.
This what happens currently
When user login in the react app and move to Netlify-CMS option, below screen appears that prompts the user to login with github again.
After clicking on "login with Github" , it redirects to github login page with the help of netlify-cms-github-oauth-provider project running on Ec2 server
I am looking to move the 2nd step in background ,so that users of my app doesn't need to login into github separately. Is this possible with "netlify-cms-github-oauth-provider" project ??
Hi vencax can you add a license when you get a chance?
If netlify isn't going this route by default then it seems everything could all be packaged up with netlify, meaning a single repo gives you everything required, while side-stepping the default api.netlify.com
lock-in.
Throwing everything into a directory then adding a route to look for it in this directory isn't too bad an approach. config.yml
could be made to live outside this directory, while index.html
too could live in the root as it requires customisation.
Then you can clone this repo, run a task, be up and running with your own front and backend.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.