Add JWT support #754
Add JWT support #754
Conversation
There was a problem hiding this comment.
One question I had, and this may be more for @rosiegrant , how would JWT support work for someone using the Theme without an iFrame integration? I'm assuming that's a use case we should support. Would they override core.hbs to invoke the token getter somewhere and pass that to the ANSWERS.init?
layouts/html.hbs
Outdated
| @@ -123,6 +123,10 @@ | |||
| window.iframeLoaded = new Promise(resolve => { | |||
| iframeLoadedResolve = resolve; | |||
| }); | |||
| let iframeJWTResolve; | |||
| window.iframeJWT = new Promise(resolve => { | |||
There was a problem hiding this comment.
For my own edification, why do we need to wrap the iframeJWTResolve in a Promise here? Could we just set a function on the window in core.hbs, not wrap that in a Promise, and invoke it in the onMessage?
There was a problem hiding this comment.
html.hbs executes before core.hbs, right? I want to prevent the possibility of that function trying to be called before it is put on the window
Updated so that non-iframe experiences can be loaded with JWT with initAnswersJWT |
script/core.hbs
Outdated
| {{#if global_config.useJWT}} | ||
| const jwtNotProvidedTimeout = setTimeout(() => { | ||
| console.warn( | ||
| 'A JWT is required to initialize this Answers experience because "useJWT" is set to true.\n' + |
There was a problem hiding this comment.
Should we change this to say something along the lines of "a JWT has not been received within 5s of page load"
There was a problem hiding this comment.
Ya I think that makes sense. I'll check with Rose on this because that was the error message originally requested in the spec
There was a problem hiding this comment.
ah I didn't realize the error message was from the spec, thought it was just a nice thing you came up with
Add JWT support which is enabled when useJWT is true in global config For iframe experiences, add iframe-jwt.js (along with prod and staging versions) which provide an `initAnswersFrameJWT` function. The answers experience will load once `initAnswersFrameJWT` is called. For non-iframe experiences, `initAnswersJWT` must be called rather than `initAnswersFrameJWT` The next PR will ensure that the apiKey from the jambo injected data will not appear in the output of any builds. This PR does not include JWT overlay support. J=SLAP-1118 TEST=manual Test iframe-jwt.js and see that the page doesn't load until initAnswersFrame is ran. Test supplying valid and invalid tokens. Test navigating between pages and refreshing the page. Test that if the answers experience with `useJWT=true` is loaded directly (not through the iframe), and error message appears in the console. Smoke test the non-iframe experience and the the overlay integration with `useJWT=false`. Test JWT locally and on SGS. Test in a cross-domain manner with a local test site which points to an answers experience on SGS which is running this branch. On SGS, test iframe-jwt-prod.js and iframe-jwt-staging.js Test JWT on non-iframe experiences.
Add JWT support which is enabled when useJWT is true in global config For iframe experiences, add iframe-jwt.js (along with prod and staging versions) which provide an `initAnswersFrameJWT` function. The answers experience will load once `initAnswersFrameJWT` is called. For non-iframe experiences, `initAnswersJWT` must be called rather than `initAnswersFrameJWT` The next PR will ensure that the apiKey from the jambo injected data will not appear in the output of any builds. This PR does not include JWT overlay support. J=SLAP-1118 TEST=manual Test iframe-jwt.js and see that the page doesn't load until initAnswersFrame is ran. Test supplying valid and invalid tokens. Test navigating between pages and refreshing the page. Test that if the answers experience with `useJWT=true` is loaded directly (not through the iframe), and error message appears in the console. Smoke test the non-iframe experience and the the overlay integration with `useJWT=false`. Test JWT locally and on SGS. Test in a cross-domain manner with a local test site which points to an answers experience on SGS which is running this branch. On SGS, test iframe-jwt-prod.js and iframe-jwt-staging.js Test JWT on non-iframe experiences.
Add iframe JWT support which is enabled when useJWT is true in global config
For iframe experiences, add iframe-jwt.js (along with prod and staging versions) which provide an
initAnswersFrameJWTfunction. The answers experience will load onceinitAnswersFrameJWTis called.For non-iframe experiences,
initAnswersJWTmust be called rather thaninitAnswersFrameJWTThe next PR will ensure that the apiKey from the jambo injected data will not appear in the output of any builds.
This PR does not include JWT overlay support.
J=SLAP-1118
TEST=manual
Test iframe-jwt.js and see that the page doesn't load until initAnswersFrame is ran. Test supplying valid and invalid tokens. Test navigating between pages and refreshing the page. Test that if the answers experience with
useJWT=trueis loaded directly (not through the iframe), and error message appears in the console. Smoke test the non-iframe experience and the the overlay integration withuseJWT=false. Test JWT locally and on SGS. Test in a cross-domain manner with a local test site which points to an answers experience on SGS which is running this branch. On SGS, test iframe-jwt-prod.js and iframe-jwt-staging.jsTest JWT on non-iframe experiences.