Feature Request: Login with Dex button on the /login page
#4236
Comments
|
@Saranya-jena @vanshBhatia-A4k9 @ksatchit any plans to support this or are you open to contributions for this issue? I am happy to contribute this. People landing on the Litmus UI login page often get confused about how to log in via Dex unless they have bookmarked the URL. |
Hey @smitthakkar96, |
|
@vanshBhatia-A4k9 how would you suggest we can fetch this information? Since the Frontend is built and then served statically from nginx, I suppose we can't leverage environment variables directly. Some apps sometimes have an "capabilites" endpoint in which we can fetch some information. Would that be suitable for the Login page? sequenceDiagram
actor Client
participant LitmusUI
participant LitmusAuthServer
Client->>+LitmusUI: /login
LitmusUI->>+LitmusAuthServer: /capabilities
LitmusAuthServer->>-LitmusUI: {DEX_ENABLED: false}
alt Is DexIDP Enabled?
LitmusUI->>Client: Login Page With DEX button
else
LitmusUI->>Client: Login Page
end
deactivate LitmusUI
Otherwise we would have to work with multi builds concept when dex is enabled, which would prevent to add more SSO. WDYT? |
|
@Saranya-jena @vanshBhatia-A4k9 could you provide feedback on the approach proposed by @williamokano, our users are getting confused when they land on the login page and don't see option to login with SSO and we would like to see if we can implement this. |
|
Hi @smitthakkar96 , thanks for sharing the approach. Will review it shortly and reply here. |
|
@Saranya-jena any updates here? |
|
Can I give it a try? I have implemented OAuth protocols earlier. |
|
Hey @kartikaysaxena please go ahead picking this |
|
Thanks for your time on detailing your approach @williamokano , litmus/chaoscenter/authentication/api/main.go Lines 167 to 169 in f05556a I think instead of making another route named litmus/chaoscenter/authentication/api/routes/dex_router.go Lines 11 to 14 in f05556a I don't we need a whole new route to fetch this. cc: @Saranya-jena |
|
I think it’s a good idea @DarthBenro008 . when I suggested the capabilities I had way less knowledge about the internals of litmus, I didn’t know, for example, that that it’s the only idp supported at the moment, so I think your idea is great. |
|
Makes sense though an explicit capabilities endpoint would make it more extensible however approach suggested above would also work no strong opinions :) |
|
I agree that the approach is not extensible, however my opinion comes strongly from a 'keep it simple' and security standpoint, the con of a route querying an ENV Var sounds like a lot of effort to review that it cannot be manipulated to fetch other details, ofc if the frontend needs more than one variable of such kind in future, we can take the efforts to create another route and ensure it's security. |
|
@DarthBenro008 I hope you don't mind me asking for some clarification regarding your suggestion. Upon looking the code here, it appears that accessing the |
|
Always happy to help!, i'd like to understand in what case is this "extra" process not required? At the moment, if you are using Dex with Litmus, you'd need all these endpoints and this is the process flow as per my understanding.
The only other login method is the normal auth, which doesn't deal with dex? |
|
I appreciate your prompt response, even over the weekend. Apologies for any confusion in my previous message. To ensure we're aligned, in your comment here, you suggested initiating a call to the
Until the user actually interacts with the Dex login button, triggering the logic within |
|
Thanks for an elaborate explanation, this does make a lot of sense! A suggestion is to make a POST/(any other than GET) call method instead, if you hit a 405 (method not allowed), the endpoint exists, if you get a 404 (endpoint not found) the endpoint doesn't exists. This way we won't be able to trigger the logic of redirects. I also personally now think this is a very hacky, but indeed a working solution. 😃 |
|
I am not sure if this has something to do with how Auth Server is configured. The current behaviour is instead of returning {"error":"unauthorized","errorDescription":"The user does not have requested authorization to access this resource"}%I also explored the possibility of using an OPTIONS request to verify the existence of the Dex login route. However, it appears to return a 204 status code irrespective of the route's existence, which doesn't help in our case. Going back to your initial concern regarding adding the In search of inspiration, I also looked into how other open-source projects have implemented similar functionalities. For instance, ArgoCD exposes certain settings (code) that the frontend utilizes to adjust UI elements dynamically. As you said, |
|
Thanks for the detailing @smitthakkar96 , i think let's go ahead with the new route.
Would you be taking this up? |
Sure
Sure happy to help :) |
We tried to follow instructions to enable Dex Oauth with Litmus, and it works great; however, it requires us to open
/auth/dex/loginto be able to use it. New users unaware of this might attempt to log in normally, which wouldn't work. It would be nice to have a button to log in with Dex on the login itself page whenDEX_ENABLEDis true. ArgoCD also does something similar. Attached is the screenshot of the login page when keycloack integration is enabled on Argo for inspiration.The text was updated successfully, but these errors were encountered: