Comments (13)
As a workaround it would be nice to know how to generate an access_token and refresh_token out of the session token, as the session token is not the same.
from directus.
The documentation is missing how to login with a directus_session_token.
If you have a session token then you have already logged in. Logging in is what returns you the token for the mode used. That token is then used to authenticate to endpoints in the API.
How to refresh with a passed session token?
This would be the same as any other endpoint. Do a request with the session cookie set in the headers. Since the browser handles cookie management for you this may require extra configuration/dependencies/etc for a native non-browser platform.
As for our native app users, we would like to save the credentials somewhere, so the question arises: how to save the session token?
I'm no expert in native mobile development but my first instinct would be that there are probably options to deal with cookies (considering that's a commonly used method of authentication on the web); however, if they can't support cookies for some reason I would assume there'd be a platform-specific secure form for storing credentials.
It is also necessary to pass the tokens in headers for getting images, as we cannot rely on cookies always.
Cookies are passed as a header too! But there is a bunch of extra logic surrounding it in browsers dealing with domain security / js access / formatting the header / parsing response cookies and such.
from directus.
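The reply above says a non-browser client can refresh in session mode by sending the session cookie as a header, but that it then has to do the cookie bookkeeping a browser normally does (parsing Set-Cookie, honouring expiry and the Secure flag). As an added example, not code from the thread or from the Directus SDK, here is that bookkeeping in plain Node.js: a small Set-Cookie parser, a cookie jar, and the refresh request built from it. The cookie name `directus_session_token` is the one named in the thread; `POST /auth/refresh` with `{ mode: 'session' }` is assumed from the Directus authentication reference linked later in the thread, and the sample Set-Cookie value is constructed.

```javascript
// Added example (not from the Directus thread or SDK): cookie handling a
// non-browser client needs to refresh in "session" mode.
// Assumptions: cookie name directus_session_token (named in the thread),
// endpoint POST /auth/refresh with body { mode: 'session' }.

const SESSION_COOKIE = 'directus_session_token';
const REFRESH_ENDPOINT = '/auth/refresh';

// Parse one Set-Cookie header value into { name, value, attrs }.
// Attribute names are lower-cased; flag attributes (HttpOnly, Secure) become true.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = pair.slice(0, eq);
  const value = pair.slice(eq + 1);
  const attrs = {};
  for (const a of rest) {
    const i = a.indexOf('=');
    if (i === -1) attrs[a.toLowerCase()] = true;
    else attrs[a.slice(0, i).toLowerCase()] = a.slice(i + 1);
  }
  return { name, value, attrs };
}

// Minimal cookie jar: stores cookies, drops expired ones, and only releases
// Secure cookies over https, as a browser would. `now` is injectable for tests.
class CookieJar {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.cookies = new Map();
  }

  ingest(setCookieHeaders) {
    for (const h of setCookieHeaders) {
      const c = parseSetCookie(h);
      let expires = null;
      if (c.attrs['max-age'] !== undefined) expires = this.now() + Number(c.attrs['max-age']) * 1000;
      else if (c.attrs.expires) expires = Date.parse(c.attrs.expires);
      // A past expiry is the server's way of deleting the cookie.
      if (expires !== null && expires <= this.now()) {
        this.cookies.delete(c.name);
        continue;
      }
      this.cookies.set(c.name, { value: c.value, expires, secure: c.attrs.secure === true });
    }
  }

  cookieHeader(isHttps) {
    const parts = [];
    for (const [name, c] of this.cookies) {
      if (c.expires !== null && c.expires <= this.now()) continue;
      if (c.secure && !isHttps) continue;
      parts.push(`${name}=${c.value}`);
    }
    return parts.join('; ');
  }
}

// Build the session-mode refresh request: the token travels only in the
// Cookie header, never in the body or the URL.
function buildSessionRefreshRequest(baseUrl, jar) {
  const cookie = jar.cookieHeader(baseUrl.startsWith('https://'));
  if (!cookie.includes(`${SESSION_COOKIE}=`)) {
    throw new Error('no usable session cookie; log in again');
  }
  return {
    url: baseUrl + REFRESH_ENDPOINT,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json', Cookie: cookie },
      body: JSON.stringify({ mode: 'session' }),
    },
  };
}

// Constructed sample of what a session-mode login response could set.
const SAMPLE_SET_COOKIE = [
  `${SESSION_COOKIE}=constructed.session.token; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=86400`,
];

// Stand-alone usage: ingest the sample, then build the refresh request.
const demoJar = new CookieJar();
demoJar.ingest(SAMPLE_SET_COOKIE);
console.log(buildSessionRefreshRequest('https://directus.example', demoJar));
```

The jar refuses to release a Secure cookie over plain http and throws instead of sending an empty Cookie header, which is the failure a native client would otherwise only discover as an unexplained 401. The response to the refresh call carries a new Set-Cookie that must be fed back through `ingest` for the next cycle.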
Well the problem is with native SSO login the following:
You are in the app, you open the browser for the SSO login and get authenticated in the browser. Now the Directus instance redirects the user to the mobile app.
By that redirect the native app has no access to the cookie set. Therefore it is required to pass the token to the app via URL.
So it is required to pass the token to the app somehow.
Or I would need somehow to set and get the session token from within the app.
from directus.
Could you otherwise tell me how to create/get access and refresh tokens within a custom endpoint from the session token?
this would work as a workaround.
from directus.
Also, using cookies would have the negative effect, when using a native app, that the user would be logged out when the browser cache is reset.
from directus.
Created a temporary workaround to get refresh token for "session" auth providers: #22427
from directus.
So quick curiosity in this native workflow, do you really need the session mode? It doesn't look like you are actually sharing the SSO login between the native app and the directus instance, which would mean there is no real need to be "compatible with the browser data studio" 🤔
Couldn't you open the browser directly to the SSO provider of your user's choice (/auth/login/:provider) using the authentication mode that works best for you / you were using before?
https://docs.directus.io/reference/authentication.html#login-using-sso-providers
from directus.
Well, I do open the SSO provider directly in the native browser. But this causes the app to be left and the native browser to be opened. This results in not being able to access the cookie from within the app.
```tsx
// Component from the native (Expo / React Native) app: one button per SSO provider.
// useIsDebug, useTranslation, TranslationKeys, ServerAPI, isSsoLoginPossible,
// CommonSystemActionHelper, ButtonAuthProviderCustom and SsoProvider are the app's
// own modules and are imported from there.
export const ButtonAuthProvider = ({ provider }: SsoProvider) => {
  const isDebug = useIsDebug();
  const translation_log_in_with = useTranslation(TranslationKeys.sign_in_with);

  // Capitalize the first letter of the provider name for display.
  let providerName = provider.name;
  providerName = providerName.charAt(0).toUpperCase() + providerName.slice(1);

  const accessibilityLabel = translation_log_in_with + ': ' + providerName;
  let text = translation_log_in_with + ': ' + providerName;

  // Directus SSO entry point for this provider (/auth/login/:provider).
  const url = ServerAPI.getUrlToProviderLogin(provider);

  // SSO login is not available when running in local Expo Go.
  const disabled = !isSsoLoginPossible();
  if (disabled) {
    text += '\n';
    text += 'Does not work on local ExpoGo';
  }
  if (isDebug) {
    text += '\n';
    text += 'Debug: URL: ' + url;
  }

  // Hands off to the system browser; the SSO redirect returns to the app via deep link.
  const onPress = () => {
    CommonSystemActionHelper.openExternalURL(url);
  };

  return (
    // @ts-ignore
    <ButtonAuthProviderCustom
      key={'ssoButton' + provider.name}
      disabled={disabled}
      accessibilityLabel={accessibilityLabel}
      onPress={onPress}
      icon_name={provider.name}
      text={text}
    />
  );
};
```
from directus.
So I am a little confused now.
This results in not being able to access the cookie from within the app.
How were you doing this before? Because before session mode was introduced you had to use cookie mode, which also required you to deal with that refresh cookie. That specific flow of SSO redirect, then receive a cookie which you can refresh, hasn't changed in that respect; only what the token in the cookie is capable of.
from directus.
Before I used the JSON mode. And I let the user redirect to a custom Directus endpoint. This endpoint took the "refresh_token" and added it to a redirect to the native app deep link.
from directus.
The current workaround uses the session mode and creates a new refresh token and adds this also to the redirect.
from directus.
So then what was stopping you from carrying on with this original workflow? This authentication is unrelated to the Directus Studio authentication and specific to the native app, as far as I'm reading.
from directus.
You are totally correct. But regarding the increasing number of native apps, it would be beneficial for Directus to also support these kinds of native auth flows. For me I will stick to this workaround, but I would love to see support for this for SDK clients as well.
from directus.