Auth credentials when embedding a single module

[coolbung]

When embedding a single module (vs. running the entire module federated host app) how can the container (eg: Android app) pass the auth credentials to the module ?

cc @rahul101001000 @arajput @Shruti3004 @SaketSinha @ChakshuGautam

[coolbung]

Option 1 - Pass via URL
When the container is embedding the app use a URL like /sso/[token]/?return=/attendance/[class id]

The app will then store the received token in local storage and then redirect to the return URL.

[coolbung]

Option 2 - Use communication channel eg: window.postMessage()

The container can load a dedicated message page eg /receivemesssage and send a message containing the token and the redirect URL to the embedded webpage.

[ChakshuGautam]

I am assuming this is a blanket auth token for all the APIs.

Secondly, I am thinking of this as an initialization problem - when embedded in native android apps. The token should be added as part of the initialization config that was sent. The config could be an object that looks like this one - Enketo-config which includes all the API Keys that are relevant to the functioning of Shiksha module.

A sample way on how to pass data from Android or otherwise would be something like this and could be stored in IndexedDB (or any other browser DBs available when calling from webview.

When trying to just open a URL and using an already deployed shiksha instance, I would think of passing the token as headers rather than as part of the URL and query params. Authorization: Bearer <Token> can be sent using

loadUrl(String url, Map<String, String> extraHeaders)

Simple postMessage may not work with webview and it will have to be done through android specific APIs

Similarly, we should evaluate for iOS and document that as part of Shiksha installation guilde.

---

Also, there are two scenarios here,

1. Apps where Shiksha is having access to the device's internet
2. Offline first app where there may or may not be internet

@coolbung @rahul101001000 @Shruti3004 @SaketSinha - I am still not clear on how Shiksha Modules will be behaving with no internet - and what should the host application be notified when there is this case.

[rahul101001000]

@Chaks - for v1, let's assume an online mode of operation for Shiksha Modules. Behavior should be similar to Ola/Uber where it doesn't crash with no internet but displays a prominent message that internet doesn't exist and hence it won't function. Open to ideas on how to handle offline login on the host app.

…

On Thu, Apr 14, 2022 at 7:29 AM Chakshu Gautam ***@***.***> wrote: I am assuming this is a blanket auth token for all the APIs. Secondly, I am thinking of this as an *initialization* problem - when embedded in native android apps. The token should be added as part of the initialization config that was sent. The config could be an object that looks like this one - Enketo-config <https://github.com/enketo/enketo-express/blob/1dd2539e97d1d23d0981a96851faca0437236700/config/default-config.json#L72> which includes all the API Keys that are relevant to the functioning of Shiksha module. A sample way on how to pass data from Android or otherwise would be something like this <https://developer.android.com/guide/webapps/webview> and could be stored in IndexedDB (or any other browser DBs available when calling from webview. When trying to just open a URL and using an already deployed shiksha instance, I would think of passing the token as *headers* rather than as part of the URL and query params. Authorization: Bearer <Token> can be sent using loadUrl(String url, Map<String, String> extraHeaders) Simple postMessage may not work with webview and it will have to be done through android specific APIs <https://developer.android.com/guide/webapps/webview> Similarly, we should evaluate for iOS and document that as part of Shiksha installation guilde. ------------------------------ Also, there are two scenarios here, 1. Apps where Shiksha is having access to the device's internet 2. Offline first app where there may or may not be internet @coolbung <https://github.com/coolbung> @rahul101001000 <https://github.com/rahul101001000> @Shruti3004 <https://github.com/Shruti3004> @SaketSinha <https://github.com/SaketSinha> - I am still not clear on how Shiksha Modules will be behaving with no internet - and what should the *host* application be notified when there is this case. — Reply to this email directly, view it on GitHub <#21 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/APGX7MLBSYMJKTKB53RRAUDVE53YXANCNFSM5TJ645HQ> . You are receiving this because you were mentioned.Message ID: <shiksha-platform/shiksha-community/repo-discussions/21/comments/2563752@ github.com>

[SaketSinha]

What is the final conclusion here?
It can be posted here for closure of the thread.

[sagarihanda]

Auth2proxy approach planned and implemented. Marking closed for now.