Add support for the "social" authorize to beginOAuth2()
See original GitHub issueIn the Hub, and soon to be in Hub ready apps, we leverage the seemingly undocumented “social” authorize endpoint to go around the default login screen send users directly to the facebook/google provider sign in/up pages. For example, we first show this modal:
Clicking on the Facebook/Google buttons will open an OAuth popup that goes to /sharing/rest/oauth2/social/authorize?socialLoginProviderName=<google|facebook>&autoAccountCreateForSocial=true&width=800&height=500
along w/ the rest of the OAuth2Options like clientId
and redirectUri
. That route in turn redirects to the provider’s own page:
I think once the user does their business over on the provider pages the rest of the flow is the same (the redirect uri is opened with token
, state
, expires_in
, username
etc).
I’m hoping this can be done fairly easily by to to extend OAuth2Options to have a path
which defaults to /rest/oauth2/authorize
but in this case would be overridden by /rest/oauth2/social/authorize
along w/ additional props for socialLoginProviderName
and autoAccountCreateForSocial
(and maybe width
and height
?).
The relevant code that the Hub uses can be seen here:
And then here:
Who’s with me? ⚔️
Issue Analytics
- State:
- Created 5 years ago
- Comments:16 (16 by maintainers)
Top GitHub Comments
true | false
, auth blows up immediately when the org requires that new accounts are approved.http://localhost:8080/authenticate.html?clientID=ePF8QFbgoWIkedxD#error=invalid_request&error_description=Joining this organization is supported by invitation only, you need to receive an invitation from the administrator.&messageCode=OAUTH_0024
because of this it seems appropriate for us to just hardcode
true
, at least for now.if the default
portal
is passed, you’ll still get a public account, but you won’t see the dialog below prior to choosing your username.if a custom
portal
is passed and the associated organization supports social login and also has a top-secret organization property set that allows the creation of new accounts without administrator approval, then you’ll get an account in that org, regardless of the client id supplied.