This repository has been archived by the owner on Mar 4, 2025. It is now read-only.
Update authentication flow #881
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Problem
Currently, the web arena uses custom code for validating the
tcssocookie:https://github.com/appirio-tech/arena-web/blob/9d1b51c62b5619688baefe71b93ec0a45229524b/app/index.html#L20
There's also code here that uses it:
https://github.com/appirio-tech/arena-web/blob/9d1b51c62b5619688baefe71b93ec0a45229524b/app/js/resolvers.js#L137
https://github.com/appirio-tech/arena-web/blob/9d1b51c62b5619688baefe71b93ec0a45229524b/app/js/factories.js#L1068
https://github.com/appirio-tech/arena-web/blob/9d1b51c62b5619688baefe71b93ec0a45229524b/app/js/factories.js#L1071
https://github.com/appirio-tech/arena-web/blob/9d1b51c62b5619688baefe71b93ec0a45229524b/app/js/controllers/baseCtrl.js#L661
The problem is that we no longer want to use the
tcssocookie for the web arena. Instead, we just want to validate that the JWT token is valid, similar to what the community app does, using the TC Core Lib dependencySolution
Instead of using
tcssomanually in the arena web, we want to transition to using the TC Core Lib dependency linked to above, in the web arena.The TC Core Lib uses the v3 bearer token instead of
tcsso, which is more current and easier to manage for Topcoder.Examples:
Caveats
We need to make sure that the arena still can call the APIs appropriately using the updated bearer token. I don't see anywhere where we are using the
tcssotoken, but there are a couple places where the arena code appears to be using thejwtToken. This should be the same as the v3token, but we'll need to ensure that it still works as expected when we switch to use the TC Core Lib dependency.For reference:
Testing
Testing details will be provided in the F2F challenge forum.
The text was updated successfully, but these errors were encountered: