Let's come up with a standardized way to store auth
Corresponding Soapbox FE issue: https://gitlab.com/soapbox-pub/soapbox-fe/-/issues/148
With swappable frontends being a thing, and with at least 4 in active development, I think it would be ideal to make the process of switching frontends seamless for the users. As it stands, moving to a different frontend requires all users to log in again on the new frontend. This is inconvenient and could cause loss of traffic on larger servers.
I believe this is something all frontends will care about, since it's just as valid to switch from Soapbox FE into Pleroma FE, or between any other two frontends.
When I was coding the auth side of Soapbox FE, I made an attempt to mimic Pleroma FE's auth for compatibility, but ran into a few roadblocks:
- It does not store OAuth expiration info or refresh tokens, making it seemingly impossible(?) for the frontend to handle Pleroma's auto-expire feature. In Soapbox FE I store the entire HTTP response from creating the tokens so we can deal with that.
- It seems somewhat library specific. It's saved under a key called `vuex-lz` (is this Vue specific?) and seems to use the library localforage, which is another dependency I haven't used. In Soapbox FE I'm storing auth inside of native localStorage.
Pleroma FE auth
Soapbox FE auth
(Don't worry, these aren't live tokens)
The actual file where auth is handled in Soapbox FE can be found here: https://gitlab.com/soapbox-pub/soapbox-fe/-/blob/develop/app/soapbox/reducers/auth.js
It uses two keys in localStorage:
- `soapbox:auth:app`
- `soapbox:auth:user`
Anyway, I just wanted to open an issue here to get started thinking about this problem. I don't have a proposal or anything, but I think it will probably be something we'll want to figure out.
If we decide we can't come up with a standardized way, then I'll probably be adding an Authmogrifier to Soapbox FE to handle all the auth from different frontends.
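
The sketch below is an added example, not code from Soapbox FE or Pleroma FE. It shows why keeping the whole token response matters: with the expiry and refresh fields available, a frontend can tell whether a stored token is usable, refreshable, or dead. It assumes the value under `soapbox:auth:user` is the JSON token response with the RFC 6749 fields plus a `created_at` timestamp in seconds; the helper names and the in-memory storage shim are hypothetical.

```javascript
// Added example; helper names are hypothetical, not Soapbox FE's API.
// Assumption: the stored value is the JSON body of the OAuth token response
// (access_token, expires_in, refresh_token, plus created_at in seconds).
const USER_KEY = 'soapbox:auth:user'; // key name taken from the issue

// Minimal in-memory stand-in for window.localStorage so this runs in Node.
function makeStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
    removeItem: (k) => { data.delete(k); },
  };
}

// Persist the entire token response, not just the access token.
function saveToken(storage, tokenResponse) {
  storage.setItem(USER_KEY, JSON.stringify(tokenResponse));
}

// Classify the stored token:
//   'missing' - nothing usable stored (corrupt entries are deleted)
//   'valid'   - usable as-is
//   'refresh' - expired or about to expire, but a refresh token exists
//   'expired' - expired with no refresh token; the user must log in again
function tokenState(storage, nowSeconds, skewSeconds = 60) {
  const raw = storage.getItem(USER_KEY);
  if (raw === null) return 'missing';
  let token = null;
  try {
    token = JSON.parse(raw);
  } catch {
    token = null; // unparseable entry, handled below
  }
  if (!token || typeof token.access_token !== 'string') {
    storage.removeItem(USER_KEY); // never hand out a malformed entry
    return 'missing';
  }
  // Without expiry fields the server issued a non-expiring token.
  if (!Number.isFinite(token.created_at) || !Number.isFinite(token.expires_in)) {
    return 'valid';
  }
  const expiresAt = token.created_at + token.expires_in;
  // The skew margin avoids sending a token that expires mid-request.
  if (nowSeconds + skewSeconds < expiresAt) return 'valid';
  return typeof token.refresh_token === 'string' ? 'refresh' : 'expired';
}
```

A frontend that stored only the access token could not distinguish `refresh` from `expired`, which is the roadblock described above.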