Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better Docs #61

Open
5 tasks
sergiodxa opened this issue Nov 20, 2021 · 10 comments
Open
5 tasks

Better Docs #61

sergiodxa opened this issue Nov 20, 2021 · 10 comments
Assignees
@sergiodxa
Labels
documentation Improvements or additions to documentation

Comments

@sergiodxa
Copy link
Owner

  • Documentation website
  • Document how to approach a Passport to Remix Auth migration
  • Document all current strategies
  • Create example apps for every strategy
  • Create examples using Cloudflare Workers
@sergiodxa sergiodxa added the documentation Improvements or additions to documentation label Nov 20, 2021
@sergiodxa sergiodxa self-assigned this Nov 20, 2021
@lgastler
Copy link
Contributor

I just saw this and wanted to let you know that I would be very happy to help, if that would be useful.

@jdnichollsc
Copy link

Maybe you can use ChatGPT to generate that! 😄

@ErlanBelekov
Copy link

hi @sergiodxa
thanks for creating this awesome package, me and my team have used it in production many times 👍🏼.

I would love to contribute and work on a new documentation website. Can i create a PR?

P.S: Seems like the CONTRIBUTING.md file is a bit outdated(https://remix-run.web.app/dashboard shows a 404)

@Visible-Radio
Copy link

🙏 please 🙂
Seems like a lot of goodness packed in here, but I'm left scratching my head in many cases.

It's still not clear to me what I'm supposed to use the second arg to the oauth2 strategy constructor (StrategyVerifyCallback). I guess I can fetch additional user info there using the tokens it is called with and commit the result to a session. But why is it called "verify"?

I didn't even know there was an "authorizer" part of this package until I poked around in the source. How do I use that? Where are rules configured?

Why is the session id field blank?

It may be another issue - but what if I want to store separate cookies for each token and the user info in cases where that information won't fit in just one?

@sergiodxa
Copy link
Owner Author

I didn't even know there was an "authorizer" part of this package until I poked around in the source. How do I use that? Where are rules configured?

The authorized is undocumented on purpose, it's not considered stable

@sergiodxa
Copy link
Owner Author

Why is the session id field blank?

I'm not sure what you mean by this, but the session ID is generated by the session storage object, not by Remix Auth, I think if you use createCookieSessionStorage there's no session ID, but that's an implementation detail that belongs to Remix.

@sergiodxa
Copy link
Owner Author

It's still not clear to me what I'm supposed to use the second arg to the oauth2 strategy constructor (StrategyVerifyCallback). I guess I can fetch additional user info there using the tokens it is called with and commit the result to a session. But why is it called "verify"?

The name came from Passport, the idea is that you use what the strategy gives you (form strategy gives your a formData but OAuth2 based ones gives you more things) and then verify if the user exists in your app, e.g. query your DB, if you don't need to do this you can just return what the strategy gives you.

@sergiodxa
Copy link
Owner Author

what if I want to store separate cookies for each token and the user info in cases where that information won't fit in just one?

This is outside the scope of Remix Auth, you can remove the successRedirect when calling authenticate and then get the return value from the strategy and do whatever you want with that data, but if you don't set the user data in the session you won't be able to use the isAuthenticated method.

@Visible-Radio
Copy link

It's still not clear to me what I'm supposed to use the second arg to the oauth2 strategy constructor (StrategyVerifyCallback). I guess I can fetch additional user info there using the tokens it is called with and commit the result to a session. But why is it called "verify"?

The name came from Passport, the idea is that you use what the strategy gives you (form strategy gives your a formData but OAuth2 based ones gives you more things) and then verify if the user exists in your app, e.g. query your DB, if you don't need to do this you can just return what the strategy gives you.

Got it. In my case I'm hitting my aws cognito authorization endpoint. I get back tokens (id, access, refresh) but no user information. In the verify callback I'm able to hit another cognito endpoint for that. I guess there may be a payload in the id token if I decode it instead of making this extra call.

Thanks for the clarity 🙂

@Visible-Radio
Copy link

Why is the session id field blank?

I'm not sure what you mean by this, but the session ID is generated by the session storage object, not by Remix Auth, I think if you use createCookieSessionStorage there's no session ID, but that's an implementation detail that belongs to Remix.

Thanks. I was comparing what I was returning from the verify function to the result of sessionStorage.getSession and noticed there was a bit of extra meta on the session. Couldn't tell where it was coming from since remix-auth was calling sessionStorage.commitSession on my behalf.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sergiodxa sergiodxa

Labels
documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@sergiodxa @jdnichollsc @lgastler @ErlanBelekov @Visible-Radio