Wiki pages for newbies that summarizes all the problems and doubts to get authboss up and running #210
Comments
Sounds fine to me.
I should say it'd be nice to not have to support and maintain anything relating to integration with buffalo. You may want to continue to host that buffalo-authboss-sample and keep it up to date as I don't need any additional work :)
Ok. No prob. :)
I'm a newbie both in Go and authboss.
I would like to open a wiki page (or more) for newbies that summarizes all the problems and doubts I had and that clearly explains how to get authboss up and running in your Go project.
What do you think, @aarondl?
Before starting I would like to recap here what I have already done and what I have not yet understood how to do:
Remember me
Remember me cookie in authboss-sample has MaxAge=Session. Explanation. (issue: Remember me cookie in authboss-sample has MaxAge=Session. Explanation. #217). Closed. Was a bug in volatiletech/authboss-clientstate@0943df8
Remember me with or without checkbox in authboss-sample save "rm" cookie and session in DB anyway (issue: Remember me with or without checkbox in authboss-sample save "rm" cookie and session in DB anyway. #215). Closed. Was a bug in volatiletech/authboss-clientstate@0943df8
Remember me, DB struct (table) hints. (issue: Remember me, DB struct (table) hints. #218)
Proposal: Implement shallow remember me (issue: Implement shallow remember me #212). Not enough interest on the subject to invest time.
Doubt about theft prevention (issue: Remember me, theft prevention doubt #227)
Expired tokens in DB table (issue: Remember me, expired tokens in DB table #228)
Race condition for "Remember Me" module (issue: Race condition for "Remember Me" module #281)
"Remember me" enabled by default if module installed (issue: "Remember me" enabled by default if module installed #282)
Redirects
Doubts about login/logout redir behaviour (issue: Doubts about login/logout redir behaviour #236)
Is it possible to use CorceRedirectTo200 in master? (issue: Is it possible to use CorceRedirectTo200 in master? #251)
Cookies
Where is the session persisted? Is there a way to use cookie as a session storage even with its limits (4KB)? (like Rails devise gem does) (issue: Where is the session persisted? Is there a way to use cookie as a session storage even with its limits #213) @aarondl answered perfectly. Added in FAQ (https://github.com/volatiletech/authboss/wiki/FAQ).
API mode
Do I need CSRF protection for /login endpoint? (issue: Do I need CSRF protection for /login endpoint? #247)
Message {"status":"success"} on GET call on /login endpoint? (issue: Message {"status":"success"} on GET call on /login endpoint? #248)
Total compatibility as API endpoint (issue: Total compatibility as API endpoint #283)
Various
Override default templates using scss/less/js assets (writing wiki page with just some advice...)
CurrentUser() vs LoadCurrentUser(). What is the right one to use? (issue: CurrentUser() vs LoadCurrentUser(). What is the right one to use? #220) @aarondl answered perfectly. Added in FAQ (https://github.com/volatiletech/authboss/wiki/FAQ).
Content-Type: application/json and RespondUnauthorized/RespondRedirect with panic (issue: Content-Type application/json error: "failed to redirect user during authboss.Middleware redirect: template for page redirect not found" authboss-sample#29)
Hooks for authboss routes (issue: Hooks for authboss routes. #221)
Using authboss with Gorm and Postgresql (doubts about columns and indexes, issue: Postgres and Gorm struct tags / DB columns and indexes definition #209). Started draft: https://github.com/volatiletech/authboss/wiki/Using-Authboss-with-Gorm-and-Postgresql
"Redirect template for page" problem (issue: Content-Type application/json error: "failed to redirect user during authboss.Middleware redirect: template for page redirect not found" #208) requesting middleware auth protected page with Content-Type: application/json header
Lists all possible security holes using authboss-sample as it is and what to do to make it stronger. Also check authboss-sample based on with https://www.calhoun.io/securing-cookies-in-go
Integrate it with Buffalo (some problems fixed, but still not 100% integration): https://github.com/frederikhors/buffalo-authboss-sample
Use with precompiled templates, eg. with Quicktemplate (issue: Use with precompiled templates, eg. with Quicktemplate #239)