Added support for legacy session tokens #1749

Closed
wants to merge 4 commits into from

@ewindso ewindso commented May 10, 2016

For people with older Parse apps that need to migrate and haven't upgraded yet to revocable sessions, this will allow them to set legacySessionTokens to true in order to look for sessionToken from _User in Auth.

@drew-gross
Contributor

Hey, thanks for the help! This has been a highly requested feature. I have a couple requests:

There needs to be a migration path for people to get onto revocable sessions. This means both types have to work simultaneously. Check the docs for how this is done on api.parse.com.

We need some tests for this. Since it's a security feature, it will require pretty heavy testing. Because revocable sessions aren't issued by Parse server, only consumed, you may have to write some legacy format data directly to mongo for your tests.

For consistency with parse.com, please change the name of this setting to requireRevocableSessions and invert the logic.

@steven-supersolid
Contributor

Thanks for doing this :)

This may be for a separate PR but being able to migrate sessions would be useful so you may want to consider it now. Should be able to read either session format as noted above and then if enableRevocableSessions is true save out in the new format. Suggest enableRevocableSession be true by default. enableRevocableSession only has meaning when requireRevocableSessions is false.

@ewindso
Author

ewindso commented May 16, 2016

@drew-gross @steven-supersolid thanks guys. I didn't add it here as it's more of a hack (as I need this to work asap), but on this commit: ewindso@73e1c8e there's a change to where it will first attempt to use what's new, then go back to legacy, and if nothing then no-auth.
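
The lookup order discussed in the comments above (revocable session first, then the legacy sessionToken on _User, then no auth), as an added example that is not code from this pull request or from Parse Server. resolveAuth, the in-memory arrays and the sample tokens are hypothetical; requireRevocableSessions is the setting name proposed in the review.

```javascript
// Constructed sample data standing in for the _Session and _User collections.
const sessions = [
  { sessionToken: 'revocable-token-alice', userId: 'alice', expiresAt: Date.parse('2999-01-01') },
  { sessionToken: 'expired-token-bob', userId: 'bob', expiresAt: Date.parse('2000-01-01') },
];
const users = [
  { objectId: 'carol', sessionToken: 'legacy-token-carol' },
  { objectId: 'dave' }, // no legacy token stored on this row
];

// Hypothetical resolver: revocable session first, then legacy, then no auth.
function resolveAuth(token, config, now = Date.now()) {
  const noAuth = { userId: null, source: 'none' };

  // Reject missing or non-string tokens before any lookup, so an undefined
  // token can never match a _User row that has no sessionToken field.
  if (typeof token !== 'string' || token.length === 0) return noAuth;

  const session = sessions.find((s) => s.sessionToken === token);
  if (session) {
    // A matching but expired revocable session ends the lookup: no fallback.
    if (session.expiresAt <= now) return noAuth;
    return { userId: session.userId, source: 'revocable' };
  }

  // Legacy lookup runs only when revocable sessions are not required.
  if (config.requireRevocableSessions) return noAuth;
  const user = users.find((u) => u.sessionToken === token);
  return user ? { userId: user.objectId, source: 'legacy' } : noAuth;
}
```

Returning the source alongside the user lets a deployment log how many requests still authenticate with legacy tokens before it turns requireRevocableSessions on.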

@drorsun

drorsun commented May 23, 2016

Hi guys, thanks from our side for doing this as well. We're having problems related to legacy session tokens. When do you plan to merge this?

@zvonicek

zvonicek commented Jul 5, 2016

Any update on this PR? I'm about to migrate to Parse Server but found out Revocable Session is off on my app. I'm setting up the session migration code in the next app update, but still, it will take weeks to release it and wait till users update and run the updated app.

@ewindso ewindso closed this Jul 5, 2016
@ewindso
Author

ewindso commented Jul 5, 2016

@zvonicek This still needs a bunch of tests -- I closed this PR as what I'm using in Prod is here: https://github.com/ewindso/parse-server/tree/auth

However I didn't want to open another PR yet until things are updated on that end.

@drorsun

drorsun commented Jul 7, 2016

@ewindso Can we count on this feature being added eventually, and if so, when?
