Integration of Luigi with authentication provider that does not have PKCE enabled

[alexandra-simeonova]

We are integrating Luigi with an authentication provider that does not have PKCE enabled and mandates the client secret to be passed for retrieving a token. It’s not secure to keep client_secret in luigi_config. Can Luigi's CustomAuthenticationProvider help us integrate with the provider in the backend? And if yes, then is there a reference codebase for CustomAuthenticationProvider?

[stanleychh]

Luigi’s authentication provider mechanism is intended to support developers in integrating "standard" client-side-flow authentication providers, like OIDC. If your scenario requires a custom backend implementation, I would rather recommend not to use it since it would add unnecessary complexity. The good thing is that Luigi also works perfectly fine without it, and you can easily secure your application as any other "conventional" application (i.e. on server side with some session cookie based approach).

Here is a small example of how it can look like:

<!DOCTYPE html>
<html lang="en">
  <head>
  <title>Hello Luigi</title>
      <link rel='stylesheet' href='https://unpkg.com/@luigi-project/core/luigi.css'>
      <script src='https://unpkg.com/@luigi-project/core/luigi.js'></script>
      <meta charset="utf-8">
  </head>
  <body>
      <script>
          fetch('https://jsonplaceholder.typicode.com/users/1') // replace fake data by call to your backend
          .then(async data => {
              const user = await data.json();
              // init luigi after required data have been fetched from backend
              Luigi.setConfig({
                  navigation: { 
                      /*************************************
                       * use fetched userinfo in 
                       * luigi profile menu config
                       * 
                       *************************************/
                      profile: {
                          logout: {
                              customLogoutFn: () => {
                                  window.location.href = '/path/to/your/logout.html'
                              }
                          },
                          staticUserInfoFn: () => {
                              return {
                                  name: user.name,
                                  email: user.email
                              }
                          }
                      },
                      nodes: [{ 
                          pathSegment: 'home', 
                          label: 'Home', 
                          hideFromNav: true, 
                          children: [{ 
                              pathSegment: 'hello', 
                              label: 'Hello', 
                              icon: 'home',
                              viewUrl: 'https://fiddle.luigi-project.io/examples/microfrontends/multipurpose.html',
                              context: {
                                  title: 'Hello',
                                  content: 'Luigi'
                              }
                          }] 
                      }]
                  },
                  routing: { 
                      useHashRouting: true 
                  }, 
                  settings: { 
                      responsiveNavigation: 'Fiori3',
                      header: { 
                          title: 'Test'
                      } 
                  } 
              });    
          });
      </script>
  </body>
</html>