Architecture to Google OAuth

Hi, I'm trying to self-host twenty and add auth that restricts Google Sign in to specific email addresses with a new login page. I'm getting errors in docker. Here's what I did:

1. Created twenty-auth-backend package with an emails guard. In twenty-server: added guard to google-auth.controller.ts, added providers to app.module.ts.
2. Created twenty-auth-frontend package with a custom login page. In twenty-front: created custom Sign In Page (src/pages/auth/_custom-sign-in-up.tsx), modified router in useCreateAppRouter.tsx.

For running the code, I modified the docker-compose.yml accordingly. But I keep getting errors. I would really appreciate any help!
7 Replies
Prastoin, 2w ago
Hello @Amiteshwar, what's your problem/error?
Amiteshwar (OP), 2w ago
Hey @Prastoin, I solved that but I have 2 questions, as I'm trying to use twenty to gather information in siloed environments but admins could view all data. I think I could accomplish this in 2 ways:

1. I'm trying to build object-level access (i.e. certain users seeing specific views). This is tough since it'll require modifying the Twenty UI to hide other views & not really secure, OR
2. Create different workspaces for different users. And then aggregate data from different workspaces for data in the admin workspace, where admin can see all data in one place.

Do you have any suggested approach to solve either approach? I would appreciate any help.
Prastoin, 2w ago
Hello @Amiteshwar, we're currently working on permissions. Unless I'm mistaken, object model scoped permissions is planned for Q2 within the Permissions V2 epic. From my point of view I see two main possibilities:

- 1 Find your way through custom integration (not the most sustainable)
- 2 Find a compromise with the current permissions implementation that might do the trick for you

Regarding synchronized workspaces, this could become very complex as by definition authentication is highly bound to a single pg schema but indeed
Hey @marie @Weiko
Amiteshwar (OP), 2w ago
Thank you @Prastoin, I appreciate your time and help! As I'm building on top of twenty, I'm not able to see the "Add Objects" button in settings. Also, I'm not able to save new fields to existing objects -- essentially, I don't see the blue Save button at the top right and hence can't save for the admin users. Here's what I've done & what I suspect. I'd be grateful for direction / your input.

1. I implemented OAuth Sign in w Google with access to only specific emails (made a custom SignInUp.tsx file & used that route in useCreateAppRouter.tsx for SignUp)
2. In twenty-server: modified 2 files in /src/engine/core-modules/auth/services: auth.service.ts (bypassed all access checks for my emails) & sign-in-up.service.ts (assign existing workspaces to my users & set canImpersonate, canAccessFullAdminPanel = true)

The user has Admin role with "canUpdateAllSettings" set to "true". I would appreciate your help.
Prastoin, 7d ago
Hello @Amiteshwar, are you still rebasing your fork to Twenty's latest version? Or are you on an old one? You might have broken a few things while integrating your auth abstraction. I feel like you have two issues?

- custom google specific domain auth integration -> have you been able to make this work? Not sure I understand what you're asking support on this topic exactly
- can save custom object -> could this be a side effect of the above integration? Have you rebased on latest Twenty's version? This could also be a workspace upgrade/migration issue
Amiteshwar (OP), 4d ago
@Prastoin upgrading to v0.51.0 worked for me. I pulled that version. Made the changes I had made in v0.50.0 & it just worked. Can see Add Object & edit existing objects
Prastoin, 4d ago
Congrats! Enjoy coding!
