feat(auth): restrict AUTHORIZED listener payload to {key, serviceInfo?} (3.5.0) #69
Merged
Demonstrates how a non-browser caller (CLI, daemon, bot) can drive the access-request flow using the existing `Service.startAccessRequest` + `Service.pollAccessRequest` methods. Pattern reference; no new public API. The sample appends `cli=1` to the auth URL so the auth UI knows to render a terminal "you can close this window" screen on success instead of trying to close a popup or redirect.
The calling app's `onStateChange` callback, when reached through a fresh
auth-flow poll → ACCEPTED, now receives only
`{ status, id, key, serviceInfo? }`. Credentials (`username`, `token`,
`apiEndpoint`) stay inside the lib.
To obtain a working `Connection` from the result, use the new
`pryv.connectFromKey(key, serviceInfoUrl)` (or
`service.connectFromKey(key)`) helper.
Cookie-autologin AUTHORIZED states (no fresh key available) pass
through unchanged so existing pages that build a Connection on page
reload keep working.
Surface changes:
- `Service#connectFromKey(key)` and `pryv.connectFromKey(key, url, ?customizations)` added.
- `AuthController` remembers the polling key from the initial access
POST and attaches it back onto the terminal AUTHORIZED state, since
the server's poll response doesn't echo `key` back.
- The external `onStateChange` listener is wrapped in a filter at
registration time; internal listeners (LoginButton's cookie/autologin
path) keep seeing the full state.
- Browser examples (index/socket.io/monitor) updated to support both
fresh-key and autologin paths.
- New `examples/cli-login.js` pairs with the auth UI's `?cli=1` flag
for headless polling from Node.
Tests: +5 ([AFLA/B/C] listener filter + [CFKA/B] connectFromKey
validation). Lib-js full suite: 276 passing, 2 pending.
Version: `pryv@3.5.0` (lockstep `@pryv/monitor@3.5.0` +
`@pryv/socket.io@3.5.0`; `@pryv/cmc` unchanged). Minor bump — the new
`connectFromKey` helper is additive; the listener-payload narrowing
applies only to fresh auth-flow callbacks and consumers that read
`state.apiEndpoint` migrate per the CHANGELOG recipe.
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## master #69 +/- ##
==========================================
- Coverage 92.50% 92.24% -0.26%
==========================================
Files 32 32
Lines 4656 4760 +104
==========================================
+ Hits 4307 4391 +84
- Misses 349 369 +20
Summary
Narrows the auth-flow result surface exposed to calling apps and adds `pryv.connectFromKey(key, serviceInfoUrl)` as the new path from a polling key to a working `Connection`.
- `onStateChange(state)` on the terminal `AUTHORIZED` state reached through a fresh auth-flow poll now receives only `{ status, id, key, serviceInfo? }`. `username`/`token`/`apiEndpoint` stay inside the lib.
- `Connection` on page reload keep working.
- `pryv.connectFromKey(key, serviceInfoUrl, serviceCustomizations?)` + `Service#connectFromKey(key)` helpers.
- `examples/cli-login.js` — headless polling pattern reference (Node-only), pairs with `app-web-auth3`'s new `?cli=1` query flag.
- `pryv@3.5.0` + lockstep `@pryv/monitor@3.5.0` + `@pryv/socket.io@3.5.0`. `@pryv/cmc` unchanged.
Commits
- `c187ca7` — examples: headless polling-flow sample for CLI callers
- `411eab6` — restrict AUTHORIZED listener payload to `{key, serviceInfo?}` (3.5.0)
Test plan
- `just lint` — clean
- `just test all` — 276 passing, 2 pending (pryv 182, monitor 24, socket.io 10, cmc 60)
- `[AFLA]`/`[AFLB]`/`[AFLC]` (listener filter behaviour) + `[CFKA]`/`[CFKB]` (`Service#connectFromKey` validation)
- `index.html`/`socket.io.html`/`monitor.html`) updated to support both fresh-key and autologin paths
- `pryv/open-pryv.io` (PR linked below) — needs to land in lockstep
- `pryv/app-web-auth3` (PR linked below) — handles the new `?cli=1` flag + alignment fixes
Coordinated release
This PR is one of three that ship together for the auth-flow surface narrowing:
- `pryv/open-pryv.io#...` — server-side response-shape trim
- `pryv/app-web-auth3#...` — auth UI alignment + `?cli=1`
See `CHANGELOG.md` §`[3.5.0]` for the migration recipe.
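The listener narrowing this PR describes, as an added sketch that is not code from lib-js: an allowlist filter wrapped around the app's callback, plus re-attaching the remembered polling key. The function names, the `'AUTHORIZED'`/`'ACCEPTED'` values as state `id`/`status`, and all sample data are assumptions made for illustration.

```javascript
// Added illustration, not lib-js code; all function names are hypothetical.
// Assumption: the terminal state has id 'AUTHORIZED' (status 'ACCEPTED' after a poll).

// Only these fields may reach the calling app on a fresh auth-flow result.
const ALLOWED_FIELDS = ['status', 'id', 'key', 'serviceInfo'];

// The poll response does not echo `key`, so the controller re-attaches the
// key it remembered from the initial access POST.
function attachPollingKey (state, rememberedKey) {
  if (state.id !== 'AUTHORIZED' || typeof rememberedKey !== 'string') return state;
  return { ...state, key: rememberedKey };
}

// Wrap the external listener once, at registration time.
function wrapExternalListener (listener) {
  return function filteredListener (state) {
    const freshKey = state.id === 'AUTHORIZED' && typeof state.key === 'string';
    // Autologin (no fresh key) and non-terminal states pass through unchanged.
    if (!freshKey) return listener(state);
    const narrowed = {};
    for (const field of ALLOWED_FIELDS) {
      if (state[field] !== undefined) narrowed[field] = state[field];
    }
    // username, token and apiEndpoint are dropped before the app sees the state.
    return listener(Object.freeze(narrowed));
  };
}

// Constructed sample states exercising both paths.
function demo () {
  const seen = [];
  const external = wrapExternalListener((s) => seen.push(s));
  const endpoint = 'https://constructed-token@alice.example.invalid/';
  const pollResult = {
    id: 'AUTHORIZED',
    status: 'ACCEPTED',
    username: 'alice',
    token: 'constructed-token',
    apiEndpoint: endpoint
  };
  external(attachPollingKey(pollResult, 'constructed-poll-key')); // fresh auth flow
  external({ id: 'AUTHORIZED', apiEndpoint: endpoint }); // cookie autologin
  return seen;
}
```

An allowlist keeps any field later added to the internal state away from the app callback by default, which a denylist of the three credential fields would not.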