-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add JWT support #754
Add JWT support #754
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One question I had, and this may be more for @rosiegrant , how would JWT support work for someone using the Theme without an iFrame integration? I'm assuming that's a use case we should support. Would they override core.hbs
to invoke the token getter somewhere and pass that to the ANSWERS.init
?
layouts/html.hbs
Outdated
@@ -123,6 +123,10 @@ | |||
window.iframeLoaded = new Promise(resolve => { | |||
iframeLoadedResolve = resolve; | |||
}); | |||
let iframeJWTResolve; | |||
window.iframeJWT = new Promise(resolve => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For my own edification, why do we need to wrap the iframeJWTResolve
in a Promise
here? Could we just set a function on the window
in core.hbs
, not wrap that in a Promise
, and invoke it in the onMessage
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
html.hbs executes before core.hbs, right? I want to prevent the possibility of that function trying to be called before it is put on the window
Updated so that non-iframe experiences can be loaded with JWT with initAnswersJWT |
script/core.hbs
Outdated
{{#if global_config.useJWT}} | ||
const jwtNotProvidedTimeout = setTimeout(() => { | ||
console.warn( | ||
'A JWT is required to initialize this Answers experience because "useJWT" is set to true.\n' + |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we change this to say something along the lines of "a JWT has not been received within 5s of page load"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ya I think that makes sense. I'll check with Rose on this because that was the error message originally requested in the spec
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah I didn't realize the error message was from the spec, thought it was just a nice thing you came up with
Add JWT support which is enabled when useJWT is true in global config For iframe experiences, add iframe-jwt.js (along with prod and staging versions) which provide an `initAnswersFrameJWT` function. The answers experience will load once `initAnswersFrameJWT` is called. For non-iframe experiences, `initAnswersJWT` must be called rather than `initAnswersFrameJWT` The next PR will ensure that the apiKey from the jambo injected data will not appear in the output of any builds. This PR does not include JWT overlay support. J=SLAP-1118 TEST=manual Test iframe-jwt.js and see that the page doesn't load until initAnswersFrame is ran. Test supplying valid and invalid tokens. Test navigating between pages and refreshing the page. Test that if the answers experience with `useJWT=true` is loaded directly (not through the iframe), and error message appears in the console. Smoke test the non-iframe experience and the the overlay integration with `useJWT=false`. Test JWT locally and on SGS. Test in a cross-domain manner with a local test site which points to an answers experience on SGS which is running this branch. On SGS, test iframe-jwt-prod.js and iframe-jwt-staging.js Test JWT on non-iframe experiences.
Add JWT support which is enabled when useJWT is true in global config For iframe experiences, add iframe-jwt.js (along with prod and staging versions) which provide an `initAnswersFrameJWT` function. The answers experience will load once `initAnswersFrameJWT` is called. For non-iframe experiences, `initAnswersJWT` must be called rather than `initAnswersFrameJWT` The next PR will ensure that the apiKey from the jambo injected data will not appear in the output of any builds. This PR does not include JWT overlay support. J=SLAP-1118 TEST=manual Test iframe-jwt.js and see that the page doesn't load until initAnswersFrame is ran. Test supplying valid and invalid tokens. Test navigating between pages and refreshing the page. Test that if the answers experience with `useJWT=true` is loaded directly (not through the iframe), and error message appears in the console. Smoke test the non-iframe experience and the the overlay integration with `useJWT=false`. Test JWT locally and on SGS. Test in a cross-domain manner with a local test site which points to an answers experience on SGS which is running this branch. On SGS, test iframe-jwt-prod.js and iframe-jwt-staging.js Test JWT on non-iframe experiences.
Add iframe JWT support which is enabled when useJWT is true in global config
For iframe experiences, add iframe-jwt.js (along with prod and staging versions) which provide an
initAnswersFrameJWT
function. The answers experience will load onceinitAnswersFrameJWT
is called.For non-iframe experiences,
initAnswersJWT
must be called rather thaninitAnswersFrameJWT
The next PR will ensure that the apiKey from the jambo injected data will not appear in the output of any builds.
This PR does not include JWT overlay support.
J=SLAP-1118
TEST=manual
Test iframe-jwt.js and see that the page doesn't load until initAnswersFrame is ran. Test supplying valid and invalid tokens. Test navigating between pages and refreshing the page. Test that if the answers experience with
useJWT=true
is loaded directly (not through the iframe), and error message appears in the console. Smoke test the non-iframe experience and the the overlay integration withuseJWT=false
. Test JWT locally and on SGS. Test in a cross-domain manner with a local test site which points to an answers experience on SGS which is running this branch. On SGS, test iframe-jwt-prod.js and iframe-jwt-staging.jsTest JWT on non-iframe experiences.