Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Two Auth0 Providers #1146

Merged
merged 6 commits into from
May 1, 2024
Merged

Two Auth0 Providers #1146

merged 6 commits into from
May 1, 2024

Conversation

captDaylight
Copy link
Collaborator

@captDaylight captDaylight commented Apr 30, 2024
edited
Loading

We have an issue where a customer is has an Auth0 instance that's in conflict with our Element's instance. What's causing the issue is that both instances are picking up on the redirect url's params. So to solve this I've added a hardcoded param to our elements that won't do any checks if it's coming from the parent.

Any customer that is using their own Auth0 login will need to set skipRedirectCallback to look for the presence of photon=true:

    <Auth0Provider
      domain="customer-auth-domain"
      clientId="customer-auth-client-id"
      authorizationParams={{
        redirect_uri: `${window.location.origin}`
      }}
      skipRedirectCallback={window.location.href.includes('photon=true')}
    >

Then, when as high up in the customer's authenticated tree as possible, the'll place our photon-client:

      {!isAuthenticated ? (
        <LoginButton />
      ) : (
        <photon-client
          ...
          auto-login="true"
          redirect-uri={window.location.origin} 
        >
          {/* ETC */}
        </photon-client>
     }

🎥 Demo Video
https://www.loom.com/share/58814af997ea4367a705d253ee68a9c3

👀 Demo Branch
https://github.com/Photon-Health/client/tree/auth0
If you go here to apps/auth you can install and then npm run dev to recreate the scenario I'm showing in the video above.

References

auth0/auth0-react#416
This is the PR that allows for multiple contexts. Since we aren't using React, we don't need the context on the parent React component. However in the code there was a hint to the answer.

https://github.com/auth0-samples/auth0-link-accounts-sample/tree/react-variant/React
Here's a demo of the above PR

@github-actions GitHub Actions
Copy link

Click here to see your changes live

jknapp25
jknapp25 approved these changes Apr 30, 2024
View reviewed changes
Copy link
Contributor

@jknapp25 jknapp25 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

samkotlove
samkotlove reviewed May 1, 2024
View reviewed changes
packages/elements/src/utils.ts Outdated
@@ -14,9 +14,12 @@ export const validateProps = (props: Record<string, any>, required: string[]) =>
const CODE_RE = /[?&]code=[^&]+/;
const STATE_RE = /[?&]state=[^&]+/;
const ERROR_RE = /[?&]error=[^&]+/;
const PARENT_RE = /[?&]photon-parent-auth=[^&]+/; // if this is present, these are auth params for a different Auth0 instance
Copy link
Contributor

@samkotlove samkotlove May 1, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we are requiring our customer to add photon-parent-auth, can't we just do the inverse and add a photon=true flag so our customers don't have to do anything?

This way their client will get he normal redirect, and ours will only get the "inner" one

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sam So If I understand correctly:

  • we programmatically append photon=true to the redirect uri passed into the <photon-client>
  • in Photon client, we would check for the presence of photon=true
  • on their side they would still need to add skipRedirectCallback={window.location.href.includes('photon=true')}

marisbest2
marisbest2 reviewed May 1, 2024
View reviewed changes
packages/elements/package.json Outdated
@@ -1,6 +1,6 @@
{
"name": "@photonhealth/elements",
"version": "0.9.1",
"version": "0.9.2",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be a minor bump

packages/elements/src/utils.ts Outdated
@@ -14,9 +14,12 @@ export const validateProps = (props: Record<string, any>, required: string[]) =>
const CODE_RE = /[?&]code=[^&]+/;
const STATE_RE = /[?&]state=[^&]+/;
const ERROR_RE = /[?&]error=[^&]+/;
const IS_PHOTON_RE = /[?&]photon=true[^&]+/; // if this is present, these are auth params for a different Auth0 instance
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we use a regex rather than parsing the search params?

captDaylight
captDaylight commented May 1, 2024
View reviewed changes
packages/elements/package.json
@@ -1,6 +1,6 @@
{
"name": "@photonhealth/elements",
"version": "0.9.1",
"version": "0.9.1-rc.1",
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@samkotlove candidate

@captDaylight captDaylight merged commit 732fdda into boson May 1, 2024
9 checks passed
@captDaylight captDaylight deleted the double-auth branch May 1, 2024 16:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@samkotlove samkotlove samkotlove left review comments

@marisbest2 marisbest2 marisbest2 left review comments

@jknapp25 jknapp25 jknapp25 approved these changes

Assignees
No one assigned
Labels
Elements
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@captDaylight @marisbest2 @jknapp25 @samkotlove