Clerk authentication#118
Conversation
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
blms
left a comment
There was a problem hiding this comment.
Code looks good, and it works well! I added a note about VITE_CLERK_SIGN_IN_URL after some local testing.
|
@camdendotlol were you able to get the client to pick up env vars from |
Yes, FairImage only needs a Did you run the app using |
|
Ah, that was it, thanks. I was running it with |
Summary
This PR migrates FairImage to Clerk. (Note: Unlike similar changes to FairData, etc., FairImage does not retain a local authentication mode, and will require Clerk from here on out.)
The most notable code changes are the removal of a bunch of stuff:
jwt-authgem as well asbcryptAdmin status is tied to the
is_global_adminfield in Clerk private metadata that we've been using across other Performant Studio apps.Testing
I did not write a Clerk migration script due to the small number of users and orgs, so this will not be immediately ready to test after deployment until I update everyone's SSO IDs in the Rails console.
FairImage enables the Sidekiq admin UI which is separated from the rest of the Rails app but was set up to require a username/password from an admin account. I've updated this code to check for a Clerk cookie instead, but testing it locally would be tricky so this is a high priority to double-check once staging is deployed.
Lastly, we should make sure that the API key system remains working and unchanged, and that edits on the user/org forms still work.