
Add Plash Auth#54

Merged
RensDimmendaal merged 34 commits into main from feat-add-oauth
Aug 4, 2025

RensDimmendaal (Contributor) commented Jul 10, 2025

This PR adds the oauth feature for plash apps.

  • remove branch info from examples/auth/requirements.txt


gitnotebooks Bot commented Jul 10, 2025

Found 2 changed notebooks. Review the changes at https://app.gitnotebooks.com/AnswerDotAI/plash_cli/pull/54

@github-actions

📖 Documentation Preview: https://plash-docs-pr-54.pla.sh


algal commented Jul 10, 2025

This is a comment about the example code in the documentation.

In that code, an app checks if a user is logged in to an app by examining session.get('user_id'), and an app logs a user in by doing session['user_id'] = uid.

But then the app logs a user out by doing session.clear(), rather than clearing only the user_id property with a statement like session.pop('user_id', None).

I am not sure, but I think it might be better if the logout example showed clearing only the user_id property. Here's why:

  1. It's more consistent and locally comprehensible. If someone is reading the logout code session.pop('user_id',None) (or del session['user_id']) then they know that the effect of it is to clear the user_id property, and that the user_id property alone is what determines the user's login state wrt that app.

  2. It avoids unintended side-effects on the app. An app developer might store other data in the session besides the login state. Clearing all session state on logout might clear that other state unintentionally. If the developer wants to clear that other state at logout, they should do it explicitly and therefore intentionally.

  3. It avoids unintended side-effects on Plash. Plash also stores a token in the session associated with that app's domain. So session.clear() will also clear that state. Will it have a different effect on future login attempts if that state is also cleared -- that is, if the app does session.clear() vs session.pop('user_id',None) ? If there is a difference and it matters, then perhaps this doc should be more clear and prescriptive that one of the ways is right and the other is wrong. If there is no difference or a minor difference which does not matter, that would be great, but we should be sure of that.
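The difference between the two logout variants discussed in the comment above, as an added example that is not part of the PR or the Plash documentation. A plain dict stands in for the app's dict-like session; `user_id` comes from the discussion, while `theme` and `platform_token_placeholder` are constructed placeholder keys.

```python
# Added example: compare what each logout variant removes from the session.
# Only 'user_id' is taken from the discussion; other key names are placeholders.

def logout_clear(session):
    """Logout variant that wipes the whole session."""
    session.clear()

def logout_pop(session):
    """Logout variant that removes only the login marker."""
    session.pop('user_id', None)

def removed_keys(logout, session):
    """Run a logout handler on a copy of the session; return the keys it removed."""
    after = dict(session)
    logout(after)
    return sorted(set(session) - set(after))

def check_logout(logout, session, auth_keys=('user_id',)):
    """Return (logged_out, collateral).

    logged_out: every auth key is absent after the handler ran.
    collateral: non-auth keys the handler removed as a side effect.
    """
    gone = removed_keys(logout, session)
    logged_out = all(k in gone or k not in session for k in auth_keys)
    collateral = [k for k in gone if k not in auth_keys]
    return logged_out, collateral

# Constructed sample session: login state, app data, and a stand-in for
# state that the hosting platform keeps in the same session.
SAMPLE_SESSION = {
    'user_id': 'uid-123',
    'theme': 'dark',
    'platform_token_placeholder': 'opaque-value',
}

if __name__ == '__main__':
    for handler in (logout_clear, logout_pop):
        print(handler.__name__, check_logout(handler, SAMPLE_SESSION))
```

A check like `check_logout` can be run in an app's test suite against its real logout handler to make any collateral session loss explicit.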

RensDimmendaal (Contributor, Author)

@algal thanks for the comment. I've adopted the changes you've suggested!

RensDimmendaal changed the title from "Draft: oauth" to "Add Plash Auth" on Aug 4, 2025
RensDimmendaal added the enhancement ("New feature or request") label on Aug 4, 2025
RensDimmendaal merged commit 1e62218 into main on Aug 4, 2025
1 check passed