Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [orion-dev] Plugins that requires authentication?
You're right, this is a bug - the URL is supposed to be https://orionhub.org/mixloginstatic/LoginWindow.html.

The way this scheme works is: when a plugin registers headers with the framework — by calling new PluginProvider(headers) — among the headers, it can include a login field giving a URL that, when visited by the user, allows them to somehow authenticate with the plugin. Orion doesn't force any particular auth technology here, it's up to the plugin and its login page to figure that out.

To signal to the framework that the user needs to authenticate, the plugin can return a 401 "unauthorized" error from a service method call, like this for example:

function myServiceMethod() {
  var d = new jQuery.Deferred();
  if (notLoggedIn)
      d.reject({ status: 401 }); // error 401
  else
      d.resolve( /*...*/ );
  return d;
}

The Orion UI has special treatment of status == 401 that recognizes it as an auth failure, and displays a link to the plugin's login page. The user is expected to go there, log in, and then retry whatever they were doing.

So, in answer to the questions from your earlier message:

1) You can't force a login before the plugin is loaded and registered. But the plugin can simply reject every call with a 401 error until the user has logged in.
If the plugin can't even be fetched before authenticating — if your server returns a 404 page for example — it's considered a timeout by the framework, and the plugin will be disabled until the user refreshes the page.

2) No. The Orion UI doesn't know anything about the authentication scheme that the plugin and its login page are using, so it is not aware if the user changes. The only lifecycle integration point is that a service call can be recognized as "failed because you weren't authenticated".

3) No… This really should be documented, but I couldn't find any material on the Orion wiki.

Mark




On Wed, Jul 23, 2014 at 1:41 PM, Kris De Volder <kdevolder@xxxxxxxxxxxxx> wrote:
Okay maybe asking too much at once.  Let's start with something more direct.

Created a fresh orionhub account and on the 'Settings >> Plugins' page I click the 'login' link for the
'Git Support' plugin.

I get redirected here:

This gives a 404.

I take it that is probably not supposed to happen. So what is it supposed to do?

Kris


On Tue, Jul 22, 2014 at 10:28 AM, Kris De Volder <kdevolder@xxxxxxxxxxxxx> wrote:
I'm trying to integrate some flux authentication support into the flux-orion plugin that Alex made.

I know you can add a 'login' url to a plugin and I know how to add this url. However I can't find much if any documentation about this 'login' link, how it is used and how it interacts with plugin lifecycle.

Also, clicking the github plugin 'login' link doesn't seem to work (I only get a 404).

So I have a few questions

1) I need a way to ensure a user is logged in (via the flux-plugin login url) before the plugin is loaded.
Is this possible? (Basically, the plugin isn't really valid and won't work unless a user is authenticated before the plugin is loaded).

2) what happens when you use the login link again and login as a different user? Does the plugin get reloaded?

3) Is there documentation or examples of the proper/recommended way to create a plugin that requires some kind of authentication before its functionality can be used?

Kris


_______________________________________________
orion-dev mailing list
orion-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/orion-dev

Back to the top