Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove authorisation from file picker or use an iframe #43

Open
LukasHirt opened this issue Apr 28, 2021 · 3 comments
Open

Remove authorisation from file picker or use an iframe #43

LukasHirt opened this issue Apr 28, 2021 · 3 comments
Labels
question Further information is requested

Comments

@LukasHirt
Copy link
Collaborator

LukasHirt commented Apr 28, 2021
edited
Loading

Current state

As of now, we're including the whole authorisation flow in the file picker. Devs integrating the file picker can set up the config with oauth2 or OIDC or pass a bearer token and skip this flow. No matter what approach is chosen, the bundle always contains all authorization parts.

Problems

Since it's part of the bundle it results in a much bigger size. Since we're using the web component, the user always has to pull the full bundle. So with authorisation, we're pulling a lot of mostly unnecessary code. This results in slower loading time and of course bigger data consumption... And of course, there is the needed maintenance of the code.

Possible solutions

I know that we already discussed dropping the authorisation from the file picker and depend only on the already provided bearer token and in the end it was decided to keep it. I'd like to revisit this though and try to think about dropping it again. So far no use case (AFAIK we had only 3 integrations so far which is not that much) for authorisation has been made... We could still provide even a separate bundle for the authorisation only if the need for it would arise at any time.

If we would still have to keep the authorisation though, I'd like to propose switching to iframe from web component... with that, we could have a real Vue app from it and reuse all the awesome things like code splitting, etc. This is e.g. how dropbox does it.

As you decided to keep the authorisation (#17 (comment)) @pmaier1 I'd love to hear your thoughts about this.
@LukasHirt LukasHirt added the question Further information is requested label Apr 28, 2021
@LukasHirt
Copy link
Collaborator Author

TBH I am more for the iframe solution 🙈 😁

@kulmann
Copy link
Member

kulmann commented Apr 28, 2021

IMO we should drop the authentication as it's not part of any use case so far. When a use case arises where the file picker needs built in authentication we can come up with a solution then. All in for keeping the bundle size small and the code lean and maintainable.

@kulmann kulmann mentioned this issue Apr 28, 2021
Open
@LukasHirt
Copy link
Collaborator Author

LukasHirt commented Aug 12, 2021
edited
Loading

Already two use cases arose where auth inside file picker is used. Unless we decide that also the iframe is a no-go I would close this ticket...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kulmann @LukasHirt