Separate OAuth2 info from Sessions into Identities #5953
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This allows us to retain the OAuth2 info even if the session is deleted. This also provides a foundation for allowing multiple emails, phone numbers, etc, not from an OAuth2 provider.
Setting a password can cause problems with other APIs that expect the password to be null. In addition, it doesn't match the implementation for the other APIs that create a user without a password (Create Magic URL Session, Create Phone Session, Create Anonymous Session, etc).
Until we have a clearer picture of why we need it, it would be best to remove it since it's easier to add it later than to remove it after it's released.
This will allow developers to set up a job to find expired access tokens so they can refresh them.
84f2df6 to
f3fa792
Compare
2 tasks
These secrets can be used to store data from the provider that may or may not be sensitive. For example, this will be used by the migration API when connecting to Firebase to store the service account used for the migration. This data will only be used internally inside Appwrite and not exposed to an end user or developer.
christyjacob4
approved these changes
Aug 9, 2023
| @@ -0,0 +1 @@ | |||
| 10000 | Get currently logged in user list of identities. | ||
There was a problem hiding this comment.
Suggested change
| Get currently logged in user list of identities. | |
| Get the list of identities for the currently logged in user. |
There was a problem hiding this comment.
I matched the convention of some of the other descriptions like list-sessions.md so I'll update that too like:
-Get currently logged in user list of active sessions across different devices.
+Get the list of active sessions across different devices for the currently logged in user.and how about these two?
account/get-prefs.md:
-Get currently logged in user preferences as a key-value object.
+Get the preferences as a key-value object for the currently logged in useraccount/get.md:
-Get currently logged in user data as JSON object.
+Get currently logged in user.
christyjacob4
approved these changes
Aug 9, 2023
|
This has been merged into |
This was referenced Sep 1, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
This allows us to retain the OAuth2 info even if the session is deleted. This also provides a foundation for allowing multiple emails, phone numbers, etc, not from an OAuth2 provider.
This PR was created to target cl-1.4.x.
In addition, this PR adds a secrets attribute to the identities collection. These secrets can be used to store data from the provider that may or may not be sensitive.
For example, this will be used by the migration API when connecting to Firebase to store the service account used for the migration.
This data will only be used internally inside Appwrite and not exposed to an end user or developer.
Data here is tied to the user identity so that it can be removed when the user or the user identity is removed.
Test Plan
Manual
Related PRs and Issues
Checklist