Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-25519

Add a redirection to a custom protocol into drive_login.jsp

    XMLWordPrintable

    Details

      Description

      Current Situation

      Drive uses a WebView to open the acquire_token.jsp webpage. The WebView is only used for authentication.
      But it has several drawbacks.

      Security Reasons

      The address bar is not shown.
      The user cannot check the HTTPS status nor use any addon/context menu to do anything.

      Maintenance and Packaging Costs

      To be able to use the WebView, we need to have an up-to-date PyQt5 version. But starting with the version 5.11, packagers do not ship the WebEngine module anymore on Windows 32 bits.
      So for now we are using a different PyQt5 version for Windows and for GNU/Linux and macOS, which is working. We do not want to be stuck with an old version on Windows.
      Moreover the situation will not evolve, so the gap will be more and more large with the time.

      Another little thing: PyQt5 with the WebEngine size is 60 Mo heavier than without. So Drive could benefit of lighter installers and lesser packaging time.

      Solution

      The future proof solution is to use the user's browser.
      As other applications are doing for authentication (Slack, Zoom, the Mobile app and others), they just open a new tab with the authentication URL and parameters. Then the server redirects to a predefined URL with a token.

      The idea is to use the custom protocol handler like we are doing with DirectEdit: nxdrive://COMMAND/ARGUMENTS.
      We can simply tell the server to redirect to nxdrive://token/TOKEN.

      Changes are little and simple: we are copying data from acquire_token.jsp into drive_login.jsp and do the redirection to the custom protocol.
      We are only targeting the Nuxeo Drive addon, so we do not rely on a given HF and the feature is directly available to customers.

      There is only one inconvenient: when the server will do the redirection, the tab will still be opened in the user's browser.
      We do not have power on the browser, the user will have to close it is manually. But this is not a big deal, applications like Zoom have the same "problem".
      Also we do not consider that a problem given the number of times a user will have to authenticate in Drive.

      Rejected Ideas

      • Drop the support for Windows 32 bits. Even if new machines comes with 64 bits support by default since some time, we still have too many people that are on 32 bits machines to drop its support.
      • Apply changes into the acquire_token.jsp file. But this would imply to drop the support of old HF of the server. This is important, because as Drive supports all officially supported versions of the server, it would be difficult to set a minimum server version to high. Also, we cannot force customers to install latest HF just for Drive.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days, 1 hour
                  2d 1h

                    PagerDuty

                    Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.