Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Authentication Flow #4034

Closed
Michael-F-Bryan opened this issue Jun 26, 2023 · 4 comments
Closed

New Authentication Flow #4034

Michael-F-Bryan opened this issue Jun 26, 2023 · 4 comments
Assignees
@dynamite-bud
Labels
🎉 enhancement New feature! priority-medium Medium priority issue
Milestone
v4.1

Comments

@Michael-F-Bryan
Copy link
Contributor

Michael-F-Bryan commented Jun 26, 2023
edited
Loading

Motivation

We want to improve the user experience for wasmer login and align more closely with other CLI tools

Proposed solution

The new login flow will be a variant of OAuth:

  1. The CLI starts up a HTTP server on localhost
  2. CLI runs a mutation on the backend that generates a "pre-token" for logging a user in (something with an ID, URL, and a secret)
  3. The CLI prints the URL to the screen
  4. The user clicks on the URL, which takes them to the frontend so they can log in
  5. Once logged in, the frontend sends a POST request to the CLI with the login token
  6. The CLI saves this token to $WASMER_DIR/wasmer.toml and stops the HTTP server

The full plan is on Notion, but here's the overall flow:

image
@Michael-F-Bryan Michael-F-Bryan added the 🎉 enhancement New feature! label Jun 26, 2023
@Michael-F-Bryan Michael-F-Bryan self-assigned this Jun 26, 2023
@theduke
Copy link
Contributor

theduke commented Jun 27, 2023

Just a note: let's please keep the simple token copy/paste flow as a fallback, potentially with a --token flag (which then prompts you to enter the token, the token shouldn't end up in shell history).

@ptitSeb ptitSeb added the priority-medium Medium priority issue label Jun 27, 2023
@ptitSeb ptitSeb added this to the v4.0.1 milestone Jun 27, 2023
@Michael-F-Bryan
Copy link
Contributor Author

let's please keep the simple token copy/paste flow as a fallback, potentially with a --token flag

@syrusakbary is probably the best person to talk about this, but i feel like we might not want to keep the old flow.

That would mean we now have three different flows for logging in (four if you count $WASMER_TOKEN or --token=some-token accepted by each command):

  • you can do wasmer login $my_token (which is usable on remote servers or in CI)
  • you can go through the OAuth-like flow (the way most people will login interactive), or
  • you can copy/paste into stdin

The concern I have is that we'll be giving users multiple overlapping ways of authenticating, which will be quite confusing for users.

That said, I just checked gcloud and they have a --no-browser flag:

If you'd rather authorize without a web browser but still interact with the command line, use the --no-browser flag.

@theduke
Copy link
Contributor

theduke commented Jun 27, 2023

Yes exactly, there will be contexts and environments where you don't want to create a new token with a new login every time, but also not specify token/registry env vars constantly.

Also in contexts where a browser simply isn't available, like on servers.

It would be annoying to then have to manually edit the config file.

@dynamite-bud dynamite-bud mentioned this issue Jul 13, 2023
Merged
@dynamite-bud
Copy link
Contributor

Closed in #4057

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dynamite-bud dynamite-bud

Labels
🎉 enhancement New feature! priority-medium Medium priority issue
Projects
None yet
Milestone
v4.1
Development

No branches or pull requests
4 participants
@theduke @ptitSeb @Michael-F-Bryan @dynamite-bud