Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace QTWebEngine-based login flow with Globus native login. #12

Open
mikedarcy opened this issue Mar 6, 2021 · 0 comments
Open

Replace QTWebEngine-based login flow with Globus native login. #12

mikedarcy opened this issue Mar 6, 2021 · 0 comments
Assignees
@mikedarcy
Labels
enhancement

Comments

@mikedarcy
Copy link
Collaborator

The use of the embedded Chromium browser in QT5 (QtWebEngine) by deriva-auth is and has been problematic for a few reasons.

First, the bundling environment (cx_freeze) has had trouble with it in the past and may again in the future. Second, the whole idea of embedding a web browser into a frozen bundled environment is dangerous due to the relative lag in being able to apply browser vulnerability patches, since we have to wait for Qt and PyQt releases. Granted, our use of the browser is very limited (i.e., we just use it for login flows), but still, it would be better to not have a dependency on this component, if there are alternatives.

If we change the login flow to use the Globus native-app login via our globus_auth_utils library, the UX would likely be very similar and we would just leverage whatever the default browser on the system is. This needs more investigation and some prototyping, but there is a potential way forward here.
@mikedarcy mikedarcy self-assigned this Mar 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mikedarcy mikedarcy

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mikedarcy