New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
#1601 Add support for social login #1602
base: develop
Are you sure you want to change the base?
#1601 Add support for social login #1602
Conversation
Fix linting errors Correct imports after auto-fix by linting Change button on registration to call login Refactored the way the redirect URL is built up. Refactoring: Removing unnecessary code
* | ||
* See https://github.com/SalesforceCommerceCloud/pwa-kit/blob/3.0.0/packages/commerce-sdk-react/src/auth/index.ts#L302 | ||
*/ | ||
auth.handleTokenResponse(tokenResponse) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a workaround since this isn't part of the package. Unsure how you would like to see this handled. The reason the authentication is completely separated is because these items are part of the isomorphic SDK.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Small question on this: it works only because this file is in js
rather than ts
and thus doesn't respect the private
keyword since it's a compile time annotation, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct. This could be changed if I add this function to the Auth.js
async loginIDPUser(body: { code: string; usid: string, redirectURI: string }) {
return await this.queueRequest(
() => {
const tokenBody = {
code: body.code,
usid: body.usid,
grant_type: 'authorization_code_pkce',
redirect_uri: body.redirectURI,
code_verifier: localStorage.getItem('codeVerifier') || '',
client_id: this.client.clientConfig.parameters.clientId,
channel_id: this.client.clientConfig.parameters.siteId
};
return this.client.getAccessToken({ body: tokenBody });
},
false
)
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
First off, 👏 we really appreciate contributions like this for key features!
Second, 😂 it's true. Code is worth more than 1,000 words or a picture! (sometimes)
@taurgis I'm trying to think through how this interfaces with plugin_slas
. I could be wrong, but I feel like plugin_slas
is where we most frequently hear complaints about lack of IDP / federated login. In plugin_slas
we hook into Account-SubmitRegistration
controller in SFRA. Mentioned in [this REDESIGN.md doc](https://github.com/SalesforceCommerceCloud/plugin_slas/blob/develop/REDESIGN.md - search for Account-SubmitRegistration
). I wonder if this is something to be concerned about... thoughts @vcua-mobify @shethj ?
In this PR, it feels like we're sidestepping "real registration" by going directly from PWA Kit to the IDP provider. Correct me if I'm wrong, but we don't actually go through a real user registration on the SLAS side in this, do we?
And if the answer there is "no, it follows the guest
slas auth flow" we end up in a situation where "real authenticated users" that come in via IDP kind of unintentionally mess around with the data because everyone appears to be a guest.
Perhaps this is ok, but also, perhaps it's not. Will require some more thought and discussion.
Also, this PR does not need to be merged in my eyes, but could also serve as an example to get your own internal implementation going. There are a few dependencies that will indeed warrant discussion. |
First, I want to echo @bfeister and say thanks for this @taurgis ! @bfeister, as you say, plugin_slas also does not have support for federated login. If we were to add support there, at a high level it would follow the same steps done here and as outlined in the SLAS documentation. In this PR, it is a separate flow from the out of the box guest or registered login flows. It looks similar to the guest flow in that there is a call to SLAS /authorize. Good question on whether everyone will appear afterward as a guest. I would think because in the /authorize call hint is set to We'll also have to think about the new user registration signup case but I think that can be handled by the idp so from our perspective it might just go through the same flow as shown in this PR |
50a1c7e
to
3cdd061
Compare
Fix linting Fix linting error Update translations Update pseudo translations
de0b93c
to
e4b78c9
Compare
Hi @taurgis |
Description
Adding IDP login to the PWA Kit has gotten quite a bit of questions lately on Slack, and they say an example said more than a thousand words? Wait.... that's not the saying
Types of Changes
Screen.Recording.2023-12-06.at.14.38.53.mov
Configuration required in SLAS:
Additional redirect URLs required:
http://localhost:3000/idp-callback|https://*.mobify-storefront.com/callback|https://*.mobify-storefront.com/idp-callback
IDP Configuration Required