Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Feature request: Dynamic override from database

See original GitHub issue

Passing the secret as querystring is not safe, I think maybe it’s better to load the configurations from database.

// First, create a provider
let provider = new Provider({
  provider: 'twitter',
  override: 'myapp',
  config: {
    "key": "...",
    "secret": "...",
    "callback": "/hi"
  }
})
provider.save()

// Then
app.use('/grant', grant({
  "defaults": {
    "protocol": "http",
    "host": "localhost:3000",
    "transport": "session",
    "state": true
  },
  "google": {
    "key": "...",
    "secret": "...",
    "scope": ["openid"],
    "nonce": true,
    "custom_params": {"access_type": "offline"},
    "callback": "/hello"
  },
  "twitter": {
    "key": "...",
    "secret": "...",
    "callback": "/hi"
  }
}, async function(provider, override){
   // Load from database.
  let doc = await Provider.findOne({
    provider,
    override
  })
  return doc.config
}))

/connect/twitter/myapp will load the config from database.

Issue Analytics

State:
Created 5 years ago
Reactions:1
Comments:8 (6 by maintainers)

Top GitHub Comments

2reactions

simovcommented, Mar 5, 2019

That’s an interesting idea, I’ll have to think about it.

In the meantime you can probably set your dynamic configuration directly on the query object that’s attached to the request argument:

var express = require('express')
var session = require('express-session')
var grant = require('grant-express')


express()
  .use(session({secret: 'grant', saveUninitialized: true, resave: true}))
  .use('/connect/:provider/:override', (req, res, next) => {
    if (
      req.params.provider === 'twitter' &&
      req.params.override === 'foo'
    ) {
      // load from database
      req.query.key = 'KEY'
      req.query.secret = 'SECRET'
    }
    next()
  })
  .use(grant(require('./config.json')))
  .get('/hello', (req, res) => {
    res.end(JSON.stringify(req.query, null, 2))
  })
  .listen(3000)

{
  "defaults": {
    "protocol": "http",
    "host": "localhost:3000"
  },
  "twitter": {
    "callback": "/hello",
    "dynamic": true
  }
}

Then if you navigate to http://localhost:3000/connect/twitter/foo you’ll be able to login using the credentials set in the middleware before Grant.

I have tested it only with Express, but it should work with Koa too.

1reaction

simovcommented, Jan 26, 2020

Dynamic input state overrides landed in v4.7.0

The documentation and examples about it are a bit scarce at the moment, but here is the relevant commit in the readme.

In summary now you can use the request/response lifecycle state of your HTTP framework of choice to set dynamic overrides before entering the Grant routes. This dynamic configuration works outside of the dynamic configuration key, meaning you can override anything using the request/response lifecycle state. The dynamic option controls only allowed keys to override over HTTP via GET/POST request.

Top Results From Across the Web

Feature request: dynamic change database at runtime #1726

Example: I have a hasura/graphql-engine instance running and connected to postgresUrl. The Postgres instance at postgresUrl contains the ...

Keep up with dynamic data changes using dynamic parameters

Deploy your workbooks with dynamic parameters and never again think about manually updating your parameters with the latest data.

The Key to Dynamic Parameters & Some Good Use Cases

Dynamic Parameters are the most requested feature in the history of the ideas forums…and there is a reason for that.

Feature Request: Dynamic Field Names/Labels - Zoho Cares

Example: Lets say I have two clients using the same Zoho Creator Form to input employee names. The Form has a hidden field...

Feature Toggles (aka Feature Flags) - Martin Fowler

An alternative approach to a environment-specific configuration overrides is to allow a toggle's On/Off state to be overridden on a per-request basis by...