
Add login.gov provider

Open andrewzah opened this issue 5 years ago • 8 comments

This PR adds support for login.gov which uses a customized OIDC flow.

I adapted the oidc provider and tried to adhere to the style of the project; please let me know if you have any feedback.

andrewzah avatar Feb 11 '20 22:02 andrewzah

@techknowlogick I used this branch of goth (b2f29be) in a fork of gitea (diff: 4484323), and I ran into an issue. I was able to sign in successfully with login.gov to gitea and create a new account, but when someone else signed in with login.gov, they logged into my gitea account. Do you think this is an issue with my goth implementation? Or with my gitea one?

andrewzah avatar Feb 21 '20 16:02 andrewzah

@azah in terms of changes you made to gitea it looks like the code changes there are correct. Could you test with a different provider (github is the easiest one to test with as we have many implementations of gitea using it, so we know that integration is solid) to see if the same thing still happens? If the same thing still happens with a different provider then it is likely due to a configuration of gitea, otherwise it is likely due to something in this PR.

techknowlogick avatar Feb 22 '20 23:02 techknowlogick

@techknowlogick good idea. With github auth it worked correctly, so I'll take a look at this PR again on Monday to see what might be causing the issue.

andrewzah avatar Feb 23 '20 00:02 andrewzah

@techknowlogick as far as I'm aware, each call gets a new Session, so I don't understand why different users would map to the same gitea account. I ran the example app in two firefox windows side by side with different sandbox-login.gov accounts at the same time, and had no issues.

Could it be something to do with creating a new account in gitea?

andrewzah avatar Apr 08 '20 19:04 andrewzah

I've just created a login.gov account (I don't work for USG so I didn't realize it was open to any random person including non-Americans), so I can help test. I haven't figured out how to make an oauth2 application so I can test with a local gitea install, do you have any insight into how to do that?

techknowlogick avatar Apr 08 '20 19:04 techknowlogick

@techknowlogick there's a process to getting approved. If you send an email to [email protected] (or reply with your email/twitter) I can send you an issuer id/redirect_uri for testing goth and/or gitea.

andrewzah avatar Apr 08 '20 20:04 andrewzah

sent. ty :)

techknowlogick avatar Apr 08 '20 20:04 techknowlogick

@techknowlogick thanks, I sent you an email. I'm still using commit 4484323 from my gitea fork.

You can replicate the issue by

  • standing up a gitea instance
  • enabling login.gov authentication
  • signing in via login.gov and creating an account in gitea
  • then signing in via another login.gov account

andrewzah avatar Apr 08 '20 20:04 andrewzah
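
A regression check for the symptom reported in this thread (two different login.gov accounts landing in one gitea account), added here as an example; it is not code from the PR, goth or gitea, and the thread does not identify the cause. It assumes the account-linking ID is derived from ID token claims; `Claims`, `makeToken`, `Collisions` and `https://idp.example` are hypothetical names and constructed values, and token signatures are not verified because the tokens are fixtures.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Claims holds the ID token fields assumed here to identify an account.
type Claims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
}

// makeToken builds a constructed, unsigned fixture (not a real login.gov token).
func makeToken(iss, sub string) string {
	p, _ := json.Marshal(Claims{Iss: iss, Sub: sub})
	return "e30." + base64.RawURLEncoding.EncodeToString(p) + ".sig"
}

// Collisions reports user IDs that are empty or shared by more than one (iss, sub).
func Collisions(tokens []string, toUserID func(Claims) string) (map[string]bool, error) {
	last, bad := map[string]Claims{}, map[string]bool{}
	for _, t := range tokens {
		parts := strings.Split(t, ".")
		if len(parts) != 3 {
			return nil, fmt.Errorf("malformed token")
		}
		var c Claims
		raw, err := base64.RawURLEncoding.DecodeString(parts[1])
		if err == nil {
			err = json.Unmarshal(raw, &c)
		}
		if err != nil {
			return nil, err
		}
		id := toUserID(c)
		if prev, ok := last[id]; id == "" || (ok && prev != c) {
			bad[id] = true
		}
		last[id] = c
	}
	return bad, nil
}

func main() {
	toks := []string{makeToken("https://idp.example", "user-a"), makeToken("https://idp.example", "user-b")}
	fmt.Println(Collisions(toks, func(c Claims) string { return c.Iss })) // keyed on issuer only: collides
}
```

Passing the provider's own claim-to-user-ID mapping as `toUserID` turns the manual reproduction steps above into a unit test: any non-empty result means two identities would be linked to one account.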