Adds ability to use API Key to "sign in" #708
Conversation
| Why do we want this? |
Look at the linked issue here wger-project/wger#1847 , without this they wouldn't be able to use the app at all. Since the idea is to set up a 3rd party auth service in front, e.g. Authelia, which ensures that the user is authenticated and passes it on to Wger. This in turn means, that the user does not have a username/password combination that works for Wger (only a username), and they would be unable to sign in using the app. Instead they can provide the API token from the settings page, and use that instead. |
| interesting. thanks. so i suppose this would also require a way to register users with wger and instantiate api keys for them somehow. |
| That's taken care of in this PR wger-project/wger#1859 , when enabled, Wger should assume that any request with e.g. So in the case for the app, that wouldn't be required/make any sense to implement the part for registering, as that would be outside the scope of the app, in the case of having that specific setup. The only way to implement it, would be to open a webview of the instance URL, let the user authenticate, and then point them to the API key page. But I think that is out of scope. I think it's expected, that with a setup that uses Auth Proxy, that registering using the app is not possible :) |
| Yes this would be used when authenticating via an external service or SSO |
| But it would maybe be nice, to hide it under an "advanced options", together with custom server URL as well. |
yes, definitely. I can help you with that (and with the tests) |
| I might have time to look at it, but feel free to take over the PR. I just made it to get the ball rolling, and show the basic idea that I have :) EDIT: changed title and converted to draft to reflect this. I should have started by doing that. |
eyJhb changed the title | I'm thinking if it makes sense to just also enter the api key in the password field. If the username + password combo doesn't work we try sending content as the token in the header |
# Conflicts: # lib/providers/auth.dart
The api token toggle is now only visible when showing a custom server, since at the moment this is the only time when such an auth method makes sense (plus it keeps the rest of the UI cleaner). The different fields in the screen have been moved to individual files, to make the structure clearer.
| Used your solution with the extra field, but made the token toggle only visible when showing the custom server, since this is the only way when using a token directly is useful:
|
rolandgeider changed the title # Conflicts: # lib/screens/auth_screen.dart # test/nutrition/nutritional_plan_screen_test.mocks.dart # test/nutrition/nutritional_plans_screen_test.mocks.dart # test/workout/day_form_test.mocks.dart # test/workout/gym_mode_session_screen_test.mocks.dart # test/workout/repetition_unit_form_widget_test.mocks.dart # test/workout/routine_edit_screen_test.mocks.dart # test/workout/routine_edit_test.mocks.dart # test/workout/routine_form_test.mocks.dart # test/workout/routine_logs_screen_test.mocks.dart # test/workout/slot_entry_form_test.mocks.dart # test/workout/weight_unit_form_widget_test.mocks.dart
3 participants
Description (Proposed Changes)
Link to the issue :
Tests
Unsure how to do this.
Checklist
Please check that the PR fulfills all requirements listed below by checking the relevant checkboxes (
[x]). This will ensure a smooth and quick review process.///).