chilly-barista-6524
12/11/2020, 9:13 AMPOST
call to /authenticate
route with username and password which returns a PLAY_SESSION
cookie no matter what the username and password is being passed ( I am aware of the dummy login which is used right now ).
After that it makes a GET
request to api/v1/user/me
route with the PLAY_SESSION
cookie and this route verifies whether the username is actually present or not and sends a response based on that.
But I am not able to understand how is the API hit to api/v1/user/me
logging out a username that is not present. As in, it does not change the cookie or anything. Inside the code as well I am not able to see any logout trigger from getLoggedInUser
( as per the datahub-frontend/conf/routes
file, this is the function that is being hit by api/v1/user/me
route.. )chilly-barista-6524
12/11/2020, 9:36 AMoauth-proxy
(https://github.com/oauth2-proxy/oauth2-proxy) on top of datahub.
I modified the oauth-proxy code to hit /authenticate
route and set the cookie it returns. The cookie being returned is correct ( I can verify by setting this cookie in an actual logged in session and it works there.. )
Now, when I try to login via oauth-proxy PLAY_SESSION
is getting set correctly in the browser, but I am not getting logged in as the api/v1/user/me
has not been hit.. Also, even if I hit the route it does not modify or add any cookie to what is already present.. So I don’t understand the need to hit this route in the first place.
Secondly, Just to make sure, api/v1/user/me
is not setting anything from the backend as well. I tried hitting it as a CURL command from my terminal separately. But I am still not able to login..microscopic-receptionist-23548
12/13/2020, 12:34 AMmicroscopic-receptionist-23548
12/13/2020, 12:34 AMenough-house-33388
12/13/2020, 3:38 AMapi/v1/user/me
resides in Ember side (JavaScript) and is triggered by this line when the corresponding user info isn't found in GMS: https://github.com/linkedin/datahub/blob/master/datahub-frontend/app/controllers/api/v1/User.java#L56