Auth Bypass should return an access token #17

Open
patch0 opened this issue Dec 2, 2022 · 0 comments

patch0 commented Dec 2, 2022

We're using access tokens more and more, but the stubbed RpiAuthBypass module doesn't return a full set of data.

If I log in via profile, I get the following set of data back:

{
  "provider": "rpi",
  "uid": "db157643-bf50-4cd4-822a-cc022f128f17",
  "info": {
    "email": "[email protected]",
    "username": "",
    "name": "John Doe",
    "nickname": "John",
    "image": "http://localhost:3002/profile/db157643-bf50-4cd4-822a-cc022f128f17/avatar"
  },
  "credentials": {
    "token": "RXqz8MmncROv8uo-uvkM2HZuYi6jNElWd9rxSUn-32g.5aRhpP4DwV1SsmFwI4LwkERvmGk0hUo2wIf5gosVxrg",
    "expires_at": 1670001627,
    "expires": true
  },
  "extra": {
    "raw_info": {
      "at_hash": "yDbc0aFcNfNXgJ0CgbvZHA",
      "aud": [
        "coderdojo-frontend-dev"
      ],
      "auth_time": 1669998027,
      "country": "United Kingdom",
      "country_code": "GB",
      "email": "[email protected]",
      "email_verified": true,
      "exp": 1670001628,
      "iat": 1669998028,
      "iss": "http://localhost:9001/",
      "jti": "9f010af3-5b73-4b9b-94d3-cf1825163df6",
      "name": "John Doe",
      "nickname": "John",
      "nonce": "",
      "picture": "http://localhost:3002/profile/db157643-bf50-4cd4-822a-cc022f128f17/avatar",
      "postcode": null,
      "profile": "http://localhost:3002/profile",
      "rat": 1669998016,
      "roles": "",
      "sid": "4effdaad-0854-4bab-857c-6451beac60e6",
      "sub": "db157643-bf50-4cd4-822a-cc022f128f17",
      "user": "db157643-bf50-4cd4-822a-cc022f128f17",
      "username": ""
    }
  }
}

If I enable "auth bypass", I get:

{
  "provider": "rpi",
  "uid": "b6301f34-b970-4d4f-8314-f877bad8b150",
  "info": {
    "name": "Web Team",
    "nickname": "Web",
    "email": "[email protected]",
    "username": "webteam",
    "image": "https://www.placecage.com/200/200"
  },
  "extra": {
    "raw_info": {
      "roles": "user",
      "name": "Web Team",
      "nickname": "Web",
      "email": "[email protected]",
      "username": "webteam",
      "country": "United Kingdom",
      "country_code": "GB",
      "postcode": "SW1A 1AA",
      "profile": "https://profile.raspberrypi.org/not/a/real/path",
      "avatar": "https://www.placecage.com/200/200"
    }
  }
}

One of the bits that is missing in the second lot of data (amongst others) is the credentials entry. For bypass to work in coderdojo-frontend (amongst others) the credentials hash is needed.
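One way to catch this kind of drift between the stub and a real login, as an added example that is not part of the original issue or the project's code: it lists the key paths the real auth hash has that the bypass hash lacks, then adds a `credentials` entry carrying an obviously fake token. The helper names, the `bypass-` token prefix and the trimmed sample hashes are assumptions constructed for illustration.

```ruby
require 'securerandom'

# Key paths present in `reference` but absent from `candidate`,
# e.g. "extra.raw_info.sub".
def missing_key_paths(reference, candidate, prefix = nil)
  reference.flat_map do |key, value|
    path = [prefix, key].compact.join('.')
    if !candidate.is_a?(Hash) || !candidate.key?(key)
      [path]
    elsif value.is_a?(Hash)
      missing_key_paths(value, candidate[key], path)
    else
      []
    end
  end
end

# Hypothetical helper: a credentials entry shaped like the real login's,
# with a clearly fake token so it cannot be mistaken for a live one.
def stub_credentials(now: Time.now, ttl: 3600)
  { 'token' => "bypass-#{SecureRandom.hex(16)}",
    'expires_at' => now.to_i + ttl,
    'expires' => true }
end

# Constructed, trimmed copies of the two responses quoted in the issue
# (token replaced by a placeholder, most fields omitted).
REAL_LOGIN = {
  'provider' => 'rpi',
  'uid' => 'db157643-bf50-4cd4-822a-cc022f128f17',
  'info' => { 'name' => 'John Doe', 'nickname' => 'John' },
  'credentials' => { 'token' => 'PLACEHOLDER', 'expires_at' => 1670001627, 'expires' => true },
  'extra' => { 'raw_info' => { 'sub' => 'db157643-bf50-4cd4-822a-cc022f128f17',
                               'roles' => '', 'email_verified' => true } }
}.freeze

BYPASS = {
  'provider' => 'rpi',
  'uid' => 'b6301f34-b970-4d4f-8314-f877bad8b150',
  'info' => { 'name' => 'Web Team', 'nickname' => 'Web' },
  'extra' => { 'raw_info' => { 'roles' => 'user' } }
}.freeze

# The bypass hash with the missing credentials entry filled in.
def patched_bypass(now: Time.now)
  BYPASS.merge('credentials' => stub_credentials(now: now))
end

puts missing_key_paths(REAL_LOGIN, BYPASS).inspect
puts missing_key_paths(REAL_LOGIN, patched_bypass).inspect
```

Run as a test in the consuming application, a check like this fails as soon as the stub stops matching the shape of a real login.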
