Perl 6 - the future is here, just unevenly distributed

IRC log for #confidant, 2016-05-05

| Channels | #confidant index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:03 Ryan_Lane ok. added some defaults for the session lifetimes
00:15 wm-bot GitHub [lyft/confidant] ryan-lane closed issue quickstart unauth'd user returns 500 on creating services or credentials.: https://github.com/lyft/confidant/issues/59
00:19 abrody Oh excellent, @Ryan_Lane, and I guess you found a way to handle CSRF protection?
00:20 Ryan_Lane yeah. I set the xsrf token at login
00:20 Ryan_Lane since both authomatic and saml are handling csrf for the login flow
00:20 Ryan_Lane well, you're specifically handling csrf by setting a request id and popping it later for saml
00:21 Ryan_Lane authomatic does this automatically for oauth
00:21 abrody Yeah I nearly forgot to do that in SAML, probably a good idea to check my work
00:21 abrody >.>
00:21 Ryan_Lane so, most of the static code doesn't require auth now
00:21 Ryan_Lane just the custom paths
00:22 Ryan_Lane the interface will load, see you're not logged in and will redirect you to /loggedout
00:22 Ryan_Lane (I changed /logout to /loggedout)
00:22 Ryan_Lane when you click login, it sends you to /v1/login
00:22 Ryan_Lane so, it's possible you'll need to modify your callback urls
00:23 Ryan_Lane since /v1/login is now the callback location
00:23 Ryan_Lane when the auth flow finished, it redirects you to wherever you should be going
00:24 Ryan_Lane I wasn't able to test the SAML flow here. you may want to test it to make sure I didn't break you
00:25 Ryan_Lane there's a session lifetime and max session lifetime. user actions will extend a user's session expiration. it can be extended up to the max session lifetime
00:25 Ryan_Lane when I was looking at xsrf I made sure both our implementations handled xsrf for login :)
00:26 Ryan_Lane looks correctly implemented for saml
15:20 RandyT joined #confidant
19:17 wm-bot GitHub [lyft/confidant] new issue by ryan-lane: Logging in with incorrect google oauth domain should redirect to error page https://github.com/lyft/confidant/issues/64
19:22 wm-bot GitHub [lyft/confidant] new issue by ryan-lane: Add a services blacklist regex https://github.com/lyft/confidant/issues/65
20:37 ambrons joined #confidant

| Channels | #confidant index | Today | | Search | Google Search | Plain-Text | summary