@@ -167,13 +167,24 @@ If the token request is a success. An account/service-name database will be adde
### Why we Need a Proxy
The Oauth dance could be easily wrapped up with the two requests seen above. But since Ecolyo is an application hosted on multiple personnal cloud, following this guideline would mean that we need a **client_id** and a **client_secret** for each one of all the applications running.
The Oauth dance could be easily wrapped up with the two requests seen above. But since Ecolyo is an application hosted on multiple personnal clouds, following this guideline would mean that we need a **client_id** and a **client_secret** for each one of all the applications running.
To answer this problem, it was decided to run a proxy as a middleware that would provide a generic endpoint to cater for all Oauth2 redirections and redirect to the stack that was originally calling the protocol.
To answer this issue, two solutions are possible depending on what the supplier is willing to do.
- Enedis could allow wildcard subdomains when registering the callback URI, it would parse the subdomain and adapt its redirection when answering **/auth** call.
Exemple:
https//*.cozygrandlyon.cloud/account/redirect -> parse subdomain before .cozy
xyz.cozygrandlyon.cloud/account/redirect -> redirect to xyz
toto.cozygrandlyon.cloud/account/redirect -> redirect to toto
- If the supplier (Enedis) is not accepting wildcards, then we put a proxy as a middleware to provide a generic endpoint to cater for all Oauth2 redirections.
#### Result
Henceforth the proxy is now the one calling the auth and token endpoints. It's also the proxy that is registered as redirect_uri.
With that in mind, the proxy is now the one calling the auth and token endpoints. It's also the proxy that is registered as redirect_uri.
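Review bot: The new wildcard option ("Enedis could allow wildcard subdomains when registering the callback URI") is presented as equivalent to the proxy, but the text does not state its security trade-off. With a pattern such as `*.cozygrandlyon.cloud/account/redirect`, every host under that domain becomes a valid recipient of the authorization code, so the doc should say who controls subdomain creation and note that the OAuth 2.0 Security Best Current Practice (RFC 9700) asks authorization servers to match redirect URIs by exact string comparison. For the proxy option, "redirect to the stack that was originally calling the protocol" was dropped from the paragraph; please restore it and document how the proxy decides where to send the user back (for example, an instance identifier bound to the `state` value and checked against known instances), otherwise the generic endpoint reads like an open redirector. Minor points in the same hunk: "personnal" is still misspelled in the added line, "Exemple" should be "Example", `https//*.cozygrandlyon.cloud` is missing the colon after the scheme, the example lines would read better as a code block, and "Oauth" should be "OAuth" throughout.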