figure out what to do with logins

Question

figure out what to do with logins

Opened this issue 5 years ago · 3 comments

Even after #9 is fixed, login will be broken because the /auth0 endpoints don't exist. We probably need to change auth to talk directly to Taskcluster, although this needs a bit more investigation first.

Answer 1 · 2019-12-11T19:04:54.000Z

I was talking to @rail about this and he pointed out that none of the UI interactions use backend endpoints that require auth. So we can just rip out the frontend login stuff instead of trying to fix it. I'm guessing it only exists because this used to be integrated with the common releng frontend code in the services repo.

Answer 2 · 2019-12-12T17:02:32.000Z

I was poking at unrelated things today and realized that downloads of internal artifacts from the UI don't work if you're not logged in. I can't confirm that they do work if you are logged in, but presumably a session cookie would be set in that case, and they would.

So, now I'm not sure whether or not we can rip out logins.

Answer 3 · 2020-02-19T15:22:03.000Z

I ended up making logins work, but internal artifact downloads still do not. This is because the links to them are simple tags, which can't include an Authorization header. I think it's possible to change the frontend to download with an XHR request after a bit of research, but I don't know if it's worthwhile.