forked from mystiq/hydrogen-web
some notes on how SSO should work
This commit is contained in:
Bruno Windels
parent
5db3b28e3a
commit
13bf4aadc6
1 changed files with 54 additions and 0 deletions
54
doc/impl-thoughts/SSO.md
Normal file
54
doc/impl-thoughts/SSO.md
Normal file
|
|
@ -0,0 +1,54 @@
|
|||
Pseudo code of how SSO should work:
|
||||
|
||||
```js
|
||||
// 1. Starting SSO
|
||||
const loginOptions = await sessionContainer.queryLogin("matrix.org");
|
||||
// every login option (the return type of loginOptions.password and loginOptions.sso.createLogin)
|
||||
// that can be passed in to startWithLogin will implement a common LoginMethod interface that has:
|
||||
// - a `homeserver` property (so the hsApi can be created for it before passing it into `login`)
|
||||
// - a method `async login(hsApi, deviceName)` that returns loginData (device_id, user_id, access_token)
|
||||
|
||||
// loginOptions goes to the LoginViewModel
|
||||
|
||||
// if password login, mapped to PasswordLoginViewModel
|
||||
if (loginOptions.password) {
|
||||
sessionContainer.startWithLogin(loginOptions.password(username, password));
|
||||
}
|
||||
|
||||
// if sso login, mapped to SSOLoginViewModel
|
||||
if (loginOptions.sso) {
|
||||
const {sso} = loginOptions;
|
||||
// params contains everything needed to create a callback url:
|
||||
// the homeserver, and optionally the provider
|
||||
let provider = null;
|
||||
if (sso.providers) {
|
||||
// show button for each provider
|
||||
// pick the first one as an example
|
||||
provider = providers[0];
|
||||
}
|
||||
// when sso button is clicked:
|
||||
// store the homeserver for when we get redirected back after the sso flow
|
||||
platform.settingsStorage.setString("sso_homeserver", loginOptions.homeserver);
|
||||
// create the redirect url
|
||||
const callbackUrl = urlCreator.createSSOCallbackURL(); // will just return the document url without any fragment
|
||||
const redirectUrl = sso.createRedirectUrl(callbackUrl, provider);
|
||||
// and open it
|
||||
platform.openURL(redirectUrl);
|
||||
}
|
||||
|
||||
// 2. URLRouter, History & parseUrlPath will need to also take the query params into account, so hydrogen.element.io/?loginToken=abc can be converted into a navigation path of [{type: "sso", value: "abc"}]
|
||||
|
||||
// 3. when "sso" is on the navigation path, a CompleteSSOLoginView is shown.
|
||||
// It will use the same SessionLoadView(Model) as for password login once login is called.
|
||||
//
|
||||
// Also see RootViewModel._applyNavigation.
|
||||
//
|
||||
// Its view model will do something like:
|
||||
|
||||
// need to retrieve ssoHomeserver url in localStorage
|
||||
const ssoHomeserver = platform.settingsStorage.getString("sso_homeserver");
|
||||
// need to retrieve loginToken from query parameters
|
||||
const loginToken = "..."; // passed in to view model constructor
|
||||
const loginOptions = await sessionContainer.queryLogin(ssoHomeserver);
|
||||
sessionContainer.startWithLogin(loginOptions.sso.createLogin(loginToken));
|
||||
```
|
||||
Loading…
Reference in a new issue