Add login.gov provider #318

Open
wants to merge 1 commit into
base: master

@andrewzah andrewzah commented Feb 11, 2020

This PR adds support for login.gov which uses a customized OIDC flow.

I adapted the oidc provider and tried to adhere to the style of the project; please let me know if you have any feedback.

@andrewzah
Author

andrewzah commented Feb 21, 2020

@techknowlogick I used this branch of goth (b2f29be) in a fork of gitea (diff: 4484323), and I ran into an issue. I was able to sign in successfully with login.gov to gitea and create a new account, but when someone else signed in with login.gov, they logged into my gitea account. Do you think this is an issue with my goth implementation? Or with my gitea one?

@techknowlogick
Collaborator

@azah in terms of changes you made to gitea it looks like the code changes there are correct. Could you test with a different provider (github is easiest one to test with as we have many implementations of gitea using it, so we know that integration is solid) to see if same thing still happens? If same thing still happens with a different provider then it is likely due to a configuration of gitea, otherwise then it is likely due to something in this PR.

@andrewzah
Author

@techknowlogick good idea. With github auth it worked correctly, so I'll take a look at this PR again on monday to see what might be causing the issue.

* add example for new login.gov provider
* sort example providers alphabetically
@andrewzah
Author

@techknowlogick as far as I'm aware, each call gets a new Session, so I don't understand why different users would map to the same gitea account. I ran the example app in two firefox windows side by side with different sandbox-login.gov accounts at the same time, and had no issues.

Could it be something to do with creating a new account in gitea?

@techknowlogick
Collaborator

I've just created a login.gov account (I don't work for USG so I didn't realize it was open to any random person including non-americans), so I can help test. I haven't figured out how to make an oauth2 application so I can test with a local gitea install, do you have any insight into how to do that?

@andrewzah
Author

andrewzah commented Apr 8, 2020

@techknowlogick there's a process to getting approved. If you send an email to zah@andrewzah.com (or reply with your email/twitter) I can send you an issuer id/redirect_uri for testing goth and/or gitea.

@techknowlogick
Collaborator

sent. ty :)

@andrewzah
Author

andrewzah commented Apr 8, 2020

@techknowlogick thanks, I sent you an email. I'm still using commit 4484323 from my gitea fork.

You can replicate the issue by

  • standing up a gitea instance
  • enabling login.gov authentication
  • signing in via login.gov and creating an account in gitea
  • then signing in via another login.gov account
