How to login in Auth0 in an E2E test with Cypress?

This is not currently supported in Cypress. I built a workaround that might help, though. I set up a simple server that runs in parallel to Cypress. The endpoint opens a headless instance of Puppeteer and completes the login flow, responding to the call with all the cookies: const micro = require("micro"); const puppeteer = …

Nuxt 3 JWT authentication using $fetch and Pinia

I’m gonna share everything, even the parts you marked as done, for completeness’ sake. Firstly, you will need something to generate a JWT in the backend. You can do that plainly without any packages, but I would recommend this package for that. Also I’ll use objection.js for querying the database, should be easy to understand …

Update/change roles claim (or any other claim) in JWT

Refresh tokens don’t seem to be the solution if you care about the changes you make being instant; you probably don’t want a user to access moderation tools for some time if you revoke his permissions. What you could do is keep a version number in the JWT token relative to the user, much like …

Using OAuth for server-to-server authentication?

There are actually two OAuth specifications, the 3-legged version and the 2-legged version. The 3-legged version is the one that gets most of the attention. The 2-legged version does exactly what you want initially, it allows an application to grant access to another via either a shared secret key (very similar to Amazon’s Web Service …

What should be the valid characters in usernames? [closed]

A well-designed system doesn’t necessarily need to prevent any special characters in usernames. That said, the reason underscores have traditionally been accepted is that underscore is typically treated as a “word” character, along with letters and numbers. It is usually the only other character given this distinction. This is true in regular expressions, and even …

How can I access OAuth’s state parameter using Passport.js?

The reason this doesn’t work is because you’re passing state as an object instead of a string. Seems like passport doesn’t stringify that value for you. If you want to pass an object through the state param, you could do something like this: passport.authenticate("google", { scope: [ 'https://www.googleapis.com/auth/userinfo.profile', 'https://www.googleapis.com/auth/userinfo.email' ], state: base64url(JSON.stringify({ blah: 'test' })) })(request, response); …