remove cookie backend

app/api/subsetter/app/users.py

@@ -5,7 +5,7 @@
 from beanie import PydanticObjectId
 from fastapi import Depends, Request
 from fastapi_users import BaseUserManager, FastAPIUsers
-from fastapi_users.authentication import AuthenticationBackend, BearerTransport, CookieTransport, JWTStrategy
+from fastapi_users.authentication import AuthenticationBackend, BearerTransport, JWTStrategy
 from fastapi_users.db import BeanieUserDatabase, ObjectIDIDMixin
 from httpx_oauth.errors import GetIdEmailError
 from httpx_oauth.oauth2 import OAuth2, GetAccessTokenError, OAuth2Token
@@ -61,33 +61,19 @@ async def on_after_request_verify(self, user: User, token: str, request: Optiona
 async def get_user_manager(user_db: BeanieUserDatabase = Depends(get_user_db)):
     yield UserManager(user_db)
 
-
-cookie_transport = CookieTransport(
-    cookie_max_age=60 * 60 * 24 * 30,
-    cookie_domain=os.getenv("VITE_APP_API_HOST"),
-    cookie_secure=True,
-    cookie_httponly=True,
-    cookie_samesite="lax",
-)
 bearer_transport = BearerTransport(tokenUrl="auth/jwt/login")
 
 
 def get_jwt_strategy() -> JWTStrategy:
     return JWTStrategy(secret=SECRET, lifetime_seconds=60 * 60 * 24 * 30)  # one month
 
 
-cookie_backend = AuthenticationBackend(
-    name="cookie",
-    transport=cookie_transport,
-    get_strategy=get_jwt_strategy,
-)
-
 auth_backend = AuthenticationBackend(
     name="jwt",
     transport=bearer_transport,
     get_strategy=get_jwt_strategy,
 )
 
-fastapi_users = FastAPIUsers[User, PydanticObjectId](get_user_manager, [cookie_backend, auth_backend])
+fastapi_users = FastAPIUsers[User, PydanticObjectId](get_user_manager, [auth_backend])
 
 current_active_user = fastapi_users.current_user(active=True)

app/api/subsetter/config/__init__.py

@@ -19,7 +19,7 @@ class Settings(BaseSettings):
     oauth2_client_id: str
     oauth2_client_secret: str
     oauth2_redirect_url: str
-    oauth2_cookie_redirect_url: str
+    vite_oauth2_redirect_url: str
 
     minio_access_key: str
     minio_secret_key: str

app/api/subsetter/main.py

@@ -10,7 +10,7 @@
 from subsetter.app.routers.argo import router as argo_router
 from subsetter.app.routers.storage import router as storage_router
 from subsetter.app.schemas import UserRead, UserUpdate
-from subsetter.app.users import SECRET, auth_backend, cookie_backend, cuahsi_oauth_client, fastapi_users
+from subsetter.app.users import SECRET, auth_backend, cuahsi_oauth_client, fastapi_users
 from subsetter.config import get_settings
 
 # TODO: get oauth working with swagger/redoc
@@ -66,21 +66,14 @@
 app.include_router(
     fastapi_users.get_oauth_router(
         cuahsi_oauth_client,
-        cookie_backend,
+        auth_backend,
         SECRET,
-        redirect_url=get_settings().oauth2_cookie_redirect_url
+        redirect_url=get_settings().vite_oauth2_redirect_url
     ),
-    prefix="/auth/cookie",
+    prefix="/auth/front",
     tags=["auth"],
 )
 
-# This router provides the /auth/cookie/logout endpoint
-app.include_router(
-    fastapi_users.get_auth_router(cookie_backend),
-    prefix="/auth/cookie",
-    tags=["auth"]
-)
-
 app.include_router(
     fastapi_users.get_users_router(UserRead, UserUpdate),
     prefix="/users",

app/env.template

@@ -12,10 +12,14 @@ MINIO_ACCESS_KEY=
 MINIO_SECRET_KEY=
 MINIO_API_URL=api.minio.cuahsi.io
 
-ALLOW_ORIGINS='["http://localhost:*"]'
-
 VITE_APP_NAME=subsetter
+VITE_APP_ORIGIN=http://localhost:5173
+VITE_APP_BASE=/domain-subsetter/
+VITE_APP_URL=${VITE_APP_ORIGIN}${VITE_APP_BASE}
 VITE_APP_API_HOST=localhost
 VITE_APP_API_URL=https://${VITE_APP_API_HOST}/api
-OAUTH2_REDIRECT_URl=${VITE_APP_API_URL}/auth/cuahsi/callback
-OAUTH2_COOKIE_REDIRECT_URl=${VITE_APP_URL}/auth-redirect
+
+ALLOW_ORIGINS=${VITE_APP_ORIGIN}
+OAUTH2_REDIRECT_URL=${VITE_APP_API_URL}/auth/cuahsi/callback
+
+VITE_OAUTH2_REDIRECT_URL="${VITE_APP_URL}#/auth-redirect"