About OAuth support


The OAuth support in Staticman is buggy and very limited. Although it has been there for years, I can hardly find any site using this feature.

Currently the OAuth feature:

  • is only used to retrieve the user properties such as name or email. (see Staticman.js::_checkAuth and Staticman.js::_applyGeneratedFields)
  • has nothing to do with how Staticman accesses your repository.
  • is limited to the same git service. You can’t authenticate with GitHub on a site hosted on GitLab.
  • doesn’t handle the redirection. It’s your responsibility to redirect the guest to the OAuth provider.
  • fails when the profile has no email available. (on GitHub you can leave it empty) (No related issue yet)

Can someone explain why and how this feature was added back then? What is the plan for the future?

Issue Analytics

  • State: open
  • Created 3 years ago
  • Comments: 5

Top GitHub Comments

1 reaction
eazydripz commented, Jun 3, 2021

Thank you.

0 reactions
alexwaibel commented, Dec 5, 2020

This isn’t something we can pick up right away, but it’s definitely something to add to the backlog. I agree with your assessment that the git provider and the profile provider don’t need to be coupled.

I think in the end we could simplify this whole flow to one Staticman API call which is submitted by the site’s form. Redirects would handle the rest. We could move the auth info to somewhere optional in the entry request so one call contains all the info to auth and post content. This will require further thought to handle the following cases:

  • A user submits two comments on the same blog. They should only have to log in once
    • Maybe here is a chance to use that encrypted access_token from the OAuth request
  • A user logs in without submitting anything.
    • This may be justification for keeping the separate auth endpoint
    • Supporting this isn’t necessarily the primary goal of Staticman, but it would be cool to support

Thanks for all the initial work on this. OIDC looks like a pretty good fit.
