Code Monkey home page Code Monkey logo

app-extension-auth's Introduction

Welcome to Storyblok

Storyblok is a visual CMS that works with any framework. Integrate with any app, frontend, or framework. Publish anywhere with an API-first backend. Storyblok’s industry-leading Visual Editor makes it easy for marketing teams to independently create, edit, and collaborate.

Getting Started

Kickstart a new project

Are you eager to dive into coding? Follow these steps to kickstart a new project with Storyblok and your framework of choice, and get started in just a few minutes.

Ultimate Tutorials

Are you looking for a hands-on, step-by-step tutorial? Our Ultimate Tutorial Series has you covered. It provides comprehensive instructions on building a complete, multilingual website using Storyblok and your framework of choice from start to finish.

💡 Try it out for free

Why Storyblok?

  • Work with any technology: Storyblok’s headless, API-first CMS architecture empowers developers to work with any technology and integrate with any third-party solution.
  • Scale without limits: Storyblok monitors your applications and automatically scales performance to ensure optimal efficiency and performance.
  • Flexible data schemas: Storyblok's component-based approach gives you full control over your content structure. You can define your own custom data models with nestable components that can be reused across all your projects.
  • Publish faster: Marketing and content teams work faster with a Visual Editor enabling them to work independently. No more content tickets in your backlog.
  • Enterprise security: Ensure data security using one of the most secure, enterprise-grade CMSs available on the market. Storyblok is ISO 27001 certified.
  • Deliver Better Experiences: Personalize content experiences for different markets, languages, or audience segments using Storyblok's built-in localization tools, or integrate with any third-party solution through API-first integrations.

How it works

Headless CMS is a back-end-only content management system (CMS) built from the ground up as a content repository that makes content accessible via APIs.

A basic headless CMS Architecture:

A basic headless CMS architecture

Storyblok CMS architecture:

Storyblok CMS architecture

Key Features

Composable Architecture:

  • APIs: Work with any frontend or third-party integration with GraphQL, REST, and Management API.
  • Flexible backend: As a headless content management system, Storyblok can manage and serve content for any app or site.
  • Apps: Add extra functionalities to your space through a suite of custom apps available for free on the Storyblok App Directory, or build your own.
  • Composable components: Easily define new nestable blocks (such as a hero, grid, or button) or content type blocks (such as an article, landing page, or product page). Create once, reuse everywhere. The limit is your imagination. Learn more.

Streamline Workflows:

  • Visual editing interface: Storyblok enables non-technical users to build and edit JSON structures with an easy-to-use visual interface. Learn more.
  • Component Library: Find, access, and edit components directly from the Visual Editor making it easier for teams to collaborate.
  • Collaboration workflows: Publish faster with inclusive collaboration workflows that give anyone on the team a simple way to make a suggestion or take action.

Audience Experiences:

  • Image Service: Make apps and websites faster by Transforming, optimizing, and caching images in a CDN. Learn more.
  • Internationalization: Create personalized content experiences via built-in folder-level and field-level internationalization. Learn more.
  • Omnichannel Experiences: Storyblok’s headless architecture enables developers to publish content across any digital channel via APIs. Learn more.

Resources

We are Hiring

app-extension-auth's People

Contributors

bibisebi avatar eunjae-lee avatar johannes-lindgren avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

marckraw

app-extension-auth's Issues

Not possibly to grant write_content scope

When i'm trying to modify my scope, it never gives me write permissions.

Expected Behavior

Based on that auth file:

import {AuthHandlerParams} from '@storyblok/app-extension-auth'

export const endpointPrefix = '/api/authenticate'

export const authHandlerParams: AuthHandlerParams = {
  clientId: process.env.CLIENT_ID,
  clientSecret: process.env.CLIENT_SECRET,
  baseUrl: process.env.BASE_URL,
  successCallback: '/',
  errorCallback: '/401',
  endpointPrefix,
  // Increase scope if needed
  scope: ['read_content', 'write_content'],
}

should be able to give me write_content scope

Current Behavior

It always gives only read_content scope.

Potential solution

I think in storyblok-auth-api/grant/grant-handler.ts, custom scope from params is just not being passed, and only hardcoded one is used:

export const grantHandler =
  (params: GrantHandlerParams): RequestHandler =>
  async (req, res) => {
    const { clientId, clientSecret, endpointPrefix, baseUrl, } = params
    void (await grant.node({
      config: {
        defaults: {
          origin: baseUrl,
          transport: 'session',
          prefix: endpointPrefix,
        },
        storyblok: {
          client_id: clientId,
          client_secret: clientSecret,
          scope: ['read_content'],
          callback: `${endpointPrefix}/${callbackRouteSlug}`,
          profile_url: userinfo_endpoint,
          response: ['tokens', 'profile', 'raw'], // raw is needed for the expires_in, token is needed for profile
          pkce: true,
          state: true,
          token_endpoint_auth_method: 'client_secret_post',
        },
      },
      session: {
        secret: clientSecret,
        name: grantCookieName,
        cookie: {
          path: '/',
          secure: true,
          sameSite: 'none', // Needed since custom apps are embedded in iframes
          httpOnly: true, // The refresh token must not be accessible via client-side javascript
        },
      },
    })(req, res))
  }

Steps to Reproduce

Just use provided nextjs template. And modify src/auth.ts to:

import {AuthHandlerParams} from '@storyblok/app-extension-auth'

export const endpointPrefix = '/api/authenticate'

export const authHandlerParams: AuthHandlerParams = {
  clientId: process.env.CLIENT_ID,
  clientSecret: process.env.CLIENT_SECRET,
  baseUrl: process.env.BASE_URL,
  successCallback: '/',
  errorCallback: '/401',
  endpointPrefix,
  // Increase scope if needed
  scope: ['read_content', 'write_content'],
}

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.