Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update authentication flow #881

Open
jmgasper opened this issue Jun 1, 2022 · 0 comments
Open

Update authentication flow #881

jmgasper opened this issue Jun 1, 2022 · 0 comments

Comments

@jmgasper
Copy link
Collaborator

jmgasper commented Jun 1, 2022
edited
Loading

Problem

Currently, the web arena uses custom code for validating the tcsso cookie:

arena-web/app/index.html

Line 20 in 9d1b51c

if(document.cookie.indexOf("tcsso") == -1) {

There's also code here that uses it:

arena-web/app/js/resolvers.js

Line 137 in 9d1b51c

resolvers.finishLogin = ['$rootScope', '$q', '$state', '$filter', 'cookies', 'sessionHelper', 'socket', 'tcTimeService', 'notificationService', 'appHelper', '$timeout', function ($rootScope, $q, $state, $filter, cookies, sessionHelper, socket, tcTimeService, notificationService, appHelper, $timeout) {

arena-web/app/js/factories.js

Line 1068 in 9d1b51c

helper.getTcsso = function () {

arena-web/app/js/factories.js

Line 1071 in 9d1b51c

helper.removeTcsso = function () {

arena-web/app/js/controllers/baseCtrl.js

Line 661 in 9d1b51c

socket.emit(helper.EVENT_NAME.SSOLoginRequest, {sso: sessionHelper.getTcsso()});

The problem is that we no longer want to use the tcsso cookie for the web arena. Instead, we just want to validate that the JWT token is valid, similar to what the community app does, using the TC Core Lib dependency

Solution

Instead of using tcsso manually in the arena web, we want to transition to using the TC Core Lib dependency linked to above, in the web arena.

The TC Core Lib uses the v3 bearer token instead of tcsso, which is more current and easier to manage for Topcoder.

Examples:

Caveats

We need to make sure that the arena still can call the APIs appropriately using the updated bearer token. I don't see anywhere where we are using the tcsso token, but there are a couple places where the arena code appears to be using the jwtToken. This should be the same as the v3token, but we'll need to ensure that it still works as expected when we switch to use the TC Core Lib dependency.

For reference:

Testing

Testing details will be provided in the F2F challenge forum.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jmgasper