idp's People

Contributors

boyvinall, janekolszak, mfzl

idp's Issues

Using a better name for Respond in Provider interface

Wouldn't it be better for Provider to have something similar to WriteError instead of Respond? I feel that Respond means to send a normal response of some sort.

I wanted to quickly highlight this before the API matures, while we still have a chance to break the API.

Appreciate what you've done here. It's a huge undertaking. 👍

Refactoring idp

A major refactoring is getting close.

In order to avoid any build breaks, be sure to use release 0.1.0 of idp.

Things that will change:

  • No more providers, helpers, userdb. I learned it's impossible to cover all use cases in this project.
  • No more vendor directory, only one .glide file
  • I will try not to break the examples, but I won't guarantee they're all going to make it.
  • core package will be moved to the root of the directory

add the "forms" provider

Placeholder issue for pulling together some discussion/thoughts on this. Couple of thoughts on this at the moment:

  • I think the providers should be able to add their own hooks on the httprouter. The forms provider will need sign-up, verify-email-address and some other endpoints that are not needed for other providers
  • I'm not 100% comfortable with the HandleChallengeGET() being registered for both GET & POST on the root endpoint. This relates a little to the discussion in #3 over the Respond() method - I was thinking that the forms provider would only ever return a form for GET, but I don't want to interfere and take this some direction you don't want.

I'm happy to put some work into this.

Challenges

Hello,

First of all, thanks for providing this library!

Would you be able to point me in the right direction? I do not ask you to solve my issue but just let me know what I should look into...

I am using the form with rethinkdb and got it working within my environment. But I never get the consent request.

  • I register my user, ok
  • got verification email ok

But then when I moved back to /, I do not get redirected to /consent.

From the code I can see that this is because there is no challenge in the request.

    challenge, err := h.IDP.NewChallenge(r, user)
    if err != nil { // <=== err not nil.... Bad request
        fmt.Println(err.Error())
        h.Provider.WriteError(w, r, err)
        return
    }

My question is how am I supposed to get it? I am missing something probably silly as I am new to IDP.
Can you give me a hint or a few words about the expected workflow?

Thanks a lot,
Steve.

The requested scope is invalid, unknown, or malformed

I tried the sample from the readme:

import (
    "github.com/janekolszak/idp"
    "github.com/antonlindstrom/pgstore"
    "time"
)

func main() {
    challengeCookieStore, err := pgstore.NewPGStore("postgres://user:pass@address/dbname", []byte("secret"))
    // Return on error

    // Create the IDP
    IDP := idp.NewIDP(&idp.IDPConfig{
        ClusterURL:            /* Hydra's address */,
        ClientID:              /* IDP's client ID */,
        ClientSecret:          /* IDP's client secret */,
        KeyCacheExpiration:    time.Duration(/* Key expiration time */) * time.Second,
        ClientCacheExpiration: time.Duration(/* Client info expiration */) * time.Second,
        CacheCleanupInterval:  time.Duration(/* Cache cleanup interval. Eg. 30 */) * time.Second,
        ChallengeExpiration:   time.Duration(/* Challenge cookie expiration. Eg. 10 */) * time.Minute,
        ChallengeStore:        challengeCookieStore,
    })

    // Connects with Hydra and fills caches
    err = IDP.Connect(true /*TLS verification*/)
    // Return on error
}

and I got:

panic: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_scope","error_description":"The requested scope is invalid, unknown, or malformed","statusCode":400}

I created the client and secret with hydra clients create.

I started hydra with docker run -d --name my-hydra -p 4444:4444 -e CONSENT_URL=http://<my_ip>:3000 oryd/hydra.

using go-cache prevents HA deployment

It would be good if a high-availability configuration was possible. Using go-cache prevents this as it's all in single-process on one machine. However, I do like the simplicity of go-cache for getting started. How about abstracting the cache implementation to an interface which is pushed down from main()? Can provide go-cache as a simple implementation, but it opens the possibility to provide alternative implementations (memcache/groupcache etc).

Happy to do this for you..

PS - I know this is still early-stages, and really appreciate what you're doing with this. 😄
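
A sketch of the cache abstraction proposed in this issue, added here as an example and not code from the idp project: the consumer depends only on an interface, and main() chooses the backend. The names Cache, MemoryCache and KeyLookup are hypothetical, and the in-memory backend is a standard-library stand-in for go-cache.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Cache is the hypothetical interface pushed down from main(); a memcache or
// groupcache backend shared by several instances would satisfy it as well.
type Cache interface {
	Get(key string) (value []byte, found bool)
	Set(key string, value []byte, ttl time.Duration)
}

type entry struct {
	value   []byte
	expires time.Time
}

// MemoryCache is the single-process backend (the role go-cache plays today).
type MemoryCache struct{ items sync.Map }

func (c *MemoryCache) Set(key string, value []byte, ttl time.Duration) {
	c.items.Store(key, entry{value, time.Now().Add(ttl)})
}

func (c *MemoryCache) Get(key string) ([]byte, bool) {
	v, ok := c.items.Load(key)
	if !ok || time.Now().After(v.(entry).expires) {
		return nil, false // expired keys or client info must never be served
	}
	return v.(entry).value, true
}

// KeyLookup is a hypothetical consumer: it reads through whichever backend it
// was given and calls fetch (e.g. a request to Hydra) only on a miss.
func KeyLookup(c Cache, id string, ttl time.Duration, fetch func(string) []byte) []byte {
	if v, ok := c.Get(id); ok {
		return v
	}
	v := fetch(id)
	c.Set(id, v, ttl)
	return v
}

func main() {
	var c Cache = &MemoryCache{} // swap the backend here for an HA deployment
	key := KeyLookup(c, "consent-key", time.Minute, func(string) []byte { return []byte("constructed-key") })
	fmt.Printf("%s\n", key)
}
```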
