Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for browser wallets (like Alby) #6

Closed
reneaaron opened this issue Mar 11, 2022 · 4 comments
Closed

Support for browser wallets (like Alby) #6

reneaaron opened this issue Mar 11, 2022 · 4 comments

Comments

@reneaaron
Copy link

Currently this authentication strategy does not work with in-browser wallets like Alby. (see getAlby/lightning-browser-extension/issues/662 for details)

After debugging this strategy for quite some time I finally found the root cause, where resave is set to true when configuring the session.

app.use(session({
	secret: '12345',
	resave: true, 
	saveUninitialized: true,
}));

While this works fine when you use a separate wallet (like on your mobile phone), using an in-browser wallet won't work because both the browser and the wallet share the same session and interfere with each other as resave will cause the changes on the session object to be overwritten at the end of the request.

My quick-fix was to set resaveto false but since there could be people out there who rely on this configuration it would probably be a good idea to change the implementation to somehow support both configurations.
@reneaaron reneaaron mentioned this issue Mar 21, 2022
Closed
@chill117
Copy link
Owner

I think you are referring to the sample web server example. That is provided merely as a starting point for users of this module who would like to see a full working example. Nodejs and specifically express.js give a lot of freedom to the developer to decide how to build and structure their web applications. I don't think any changes are required to this module, unless I am missing something else?

@reneaaron
Copy link
Author

While this issue was found in the sample web server example this module currently does not work with in-browser wallets for all applications that set their session configuration to resave: true.

However, some applications won't be able to change their session configuration. I think it would be a nice thing if this module would support this use-case regardless of the specific session configuration in place.

Please let me know if I can be of any help. 🙌

chill117 added a commit that referenced this issue Aug 19, 2022
@chill117
Fix issue #6 - e.g. when user authenticates with GetAlby or other ext.
987fc5f
@chill117
Copy link
Owner

chill117 commented Aug 19, 2022
edited
Loading

Fixed by 987fc5f

It was necessary to overwrite the req.session object so that when "resave" is true, it includes the changes made to the session object. @reneaaron Thanks for reporting the issue and for providing more context - it helped to finally solve the problem.

@reneaaron
Copy link
Author

Awesome, thanks for fixing it! 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chill117 @reneaaron