Add configurable authentication #758

Draft
garrettjstevens wants to merge 4 commits into main from configurabe_authentication

@garrettjstevens
Contributor

This adds an extension point for configurable authentication. Draft for now, more info to come if this idea ends up working out.

This only works if there is a single login type configured and it does
not need a popup login window (currently only the guest login).

@garrettjstevens force-pushed the configurabe_authentication branch from 6ff874a to cd02de7 (February 17, 2026 22:44)

@garrettjstevens
Contributor Author

One thing I tried to do with this is to allow users to not have to click on a login button if there is only a single login type configured. I realized, however, that if the login flow opens a popup window, like with Google or Microsoft, then without the explicit user interaction of clicking on the login button, the browser blocks the popup window. I therefore made it so that users can skip clicking a login button only if there is a single login type configured and it doesn't need a popup window (which only applies to guest login for the built-in types, but could apply to custom auth types).

@garrettjstevens
Contributor Author

I tried this out with a custom plugin. I manually added the header { 'X-Apollo-Custom': 'Test User;test@user.com' } to the login request, and it worked to create a user from that header. Here's the full plugin code:

```ts
import Plugin from "@jbrowse/core/Plugin";
import type PluginManager from "@jbrowse/core/PluginManager";
import type { Request } from "express";
import { version } from "../package.json";

export default class ApolloCustomAuthPlugin extends Plugin {
  name = "ApolloCustomAuthPlugin";
  version = version;

  apolloInstall(pluginManager: PluginManager) {
    // Register an extra login type through the custom-auth extension point.
    pluginManager.addToExtensionPoint(
      "Apollo-RegisterCustomAuth",
      (
        customAuths: Map<
          string,
          {
            message: string;
            needsPopup: boolean;
            handler: (
              request: Request,
            ) => Promise<{ name: string; email: string }>;
          }
        >,
      ) => {
        customAuths.set("custom", {
          message: "Sign in with Custom Auth",
          // No popup window is needed for this login type.
          needsPopup: false,
          handler: async (request: Request) => {
            // The identity is read directly from the X-Apollo-Custom request
            // header (Node lower-cases incoming header names).
            const remoteUser = request.headers["x-apollo-custom"];
            if (!remoteUser || Array.isArray(remoteUser)) {
              throw new Error("Invalid remote user");
            }
            // Expected form: "Name;email", e.g. "Test User;test@user.com".
            const [name, email] = remoteUser.split(";");
            if (!name || !email) {
              throw new Error("Invalid remote user");
            }
            return { name, email };
          },
        });
        return customAuths;
      },
    );
  }
}
```

Now I need to see if this works for a more complicated login type, e.g. an OAuth provider that's not Google or Microsoft.
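
A hardened variant of the header parsing in the plugin above, as an added example that is not part of this PR or of the Apollo code base: it accepts `X-Apollo-Custom` only from a trusted reverse proxy and validates both fields before an identity is returned. `MinimalRequest` (a stand-in for the Express `Request`), `TRUSTED_PROXIES`, `parseRemoteUser`, the length limit and the address list are assumptions.

```typescript
// Added example, not Apollo code. MinimalRequest, TRUSTED_PROXIES and
// parseRemoteUser are hypothetical names.
interface MinimalRequest {
  headers: Record<string, string | string[] | undefined>;
  socket: { remoteAddress?: string };
}

// Assumption: the authenticating reverse proxy connects from these addresses
// and overwrites any client-supplied X-Apollo-Custom header.
const TRUSTED_PROXIES = new Set(["127.0.0.1", "::1"]);
const MAX_NAME_LENGTH = 128;
const EMAIL_PATTERN = /^[^\s@;]+@[^\s@;]+\.[^\s@;]+$/;
const CONTROL_CHARS = /[\x00-\x1f\x7f]/;

function parseRemoteUser(request: MinimalRequest): { name: string; email: string } {
  // Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d.
  const peer = (request.socket.remoteAddress ?? "").replace(/^::ffff:/, "");
  if (!TRUSTED_PROXIES.has(peer)) {
    throw new Error("Identity header not accepted from this peer");
  }
  const raw = request.headers["x-apollo-custom"];
  if (typeof raw !== "string" || CONTROL_CHARS.test(raw)) {
    throw new Error("Invalid remote user: header missing or malformed");
  }
  // Exactly two fields: "Name;email". Extra separators are rejected, not ignored.
  const parts = raw.split(";").map((part) => part.trim());
  if (parts.length !== 2) {
    throw new Error("Invalid remote user: expected Name;email");
  }
  const [name = "", email = ""] = parts;
  if (name.length === 0 || name.length > MAX_NAME_LENGTH) {
    throw new Error("Invalid remote user: bad name");
  }
  if (!EMAIL_PATTERN.test(email)) {
    throw new Error("Invalid remote user: bad email");
  }
  return { name, email };
}
```

Wrapped as `async (request) => parseRemoteUser(request)`, this has the same shape as the `handler` registered with `Apollo-RegisterCustomAuth` above.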
