Skip to content

feat(ocm): implement WAYF page and enhance invitation workflow#1486

Merged
kulmann merged 2 commits intoopencloud-eu:mainfrom
MahdiBaghbani:opencloud/feature/ocm-wayf
Feb 26, 2026
Merged

feat(ocm): implement WAYF page and enhance invitation workflow#1486
kulmann merged 2 commits intoopencloud-eu:mainfrom
MahdiBaghbani:opencloud/feature/ocm-wayf

Conversation

@MahdiBaghbani
Copy link
Contributor

@MahdiBaghbani MahdiBaghbani commented Oct 30, 2025
edited
Loading

Although this PR is referenced under cs3org/OCM-STA#1, it is not directly part of the STA funded work. However, since the changes are closely related and beneficial to OCM, I decided to port them here as well for consistency.

This PR depends on this PR opencloud-eu/reva#393 to be merged in Reva.
This PR depends on this PR opencloud-eu/opencloud#1714 to be merged in OpenCloud.

Description

This PR implements the frontend components for WAYF (Where Are You From) functionality in the OCM web application, enabling users to discover and select their cloud provider when accepting federated invitations. The implementation provides a user friendly interface for OCM provider selection and complements the backend WAYF discovery endpoints.

Technical

Things I've added to the web application:

  • WAYF Page: Provider selection interface with federation browsing and manual provider entry
  • WAYF is public page: Public access to WAYF page without authentication requirement
  • Invitation Acceptance Modal: Component for invitation acceptance workflow from other EFSS WAYF Pages
  • Token Management: Multiple copy formats (plain, base64, WAYF link) for outgoing invitations
  • Shared Composables: Reusable logic for invitation acceptance and WAYF functionality
  • Federation list display with automatic grouping
  • Manual provider domain entry with OCM discovery

Code Changes

  • New Components:

    • src/views/Wayf.vue: Main WAYF page with provider selection UI, search functionality, and federation display
    • src/views/InvitationAcceptanceModal.vue: Modal component for accepting invitations with provider validation

  • New Composables:

    • src/composables/useWayf.ts: Core WAYF logic including federation loading, provider discovery, and self-domain validation
    • src/composables/useInvitationAcceptance.ts: Shared invitation acceptance logic with self-generated token detection

  • New Types:

    • src/types/wayf.ts: TypeScript interfaces for federation and provider data structures

  • Updated Routing (src/index.ts):

    • Added /wayf route with authContext: 'anonymous' for public access
    • Added /accept-invite route for invitation acceptance workflow
    • Included authentication context documentation

  • Modified Views:

    • src/views/OutgoingInvitations.vue: Added three token copy options (plain, base64, WAYF link) with visual improvements
    • src/views/IncomingInvitations.vue: Refactored to use shared useInvitationAcceptance composable
    • src/views/ConnectionsPanel.vue: Minor UI adjustments
    • src/views/App.vue: Updated to support new routes

  • Documentation:

    • docs/Where Are You From page.md: WAYF usage guide, API endpoints, and testing scenarios

Videos of the changes and general flow of the OCM app

From OpenCloud to oCIS

opencloud-to-ocis.webm

From oCIS to OpenCloud

ocis-to-opencloud.webm

@MahdiBaghbani
feat(ocm): implement WAYF page and enhance invitation workflow
fb0d46a 
add: Wayf.vue component with provider selection and federation discovery
add: useWayf.ts composable for WAYF logic and provider management
add: InvitationAcceptanceModal.vue for invitation acceptance
add: useInvitationAcceptance.ts composable to share acceptance logic
add: wayf.ts types for federation and provider interfaces
add: WAYF documentation
add: /wayf route with anonymous authentication support
add: /accept-invite route for invitation acceptance workflow
add: Configure anonymous authContext for public WAYF access
refactor: IncomingInvitations to use shared acceptance composable
add: multiple token copy options to OutgoingInvitations (plain, base64, WAYF link)
enhance: token display with separate copy buttons for each format
enhance: Filter out current instance from federation provider lists

Signed-off-by: Mahdi Baghbani <mahdi-baghbani@azadehafzar.io>
@MahdiBaghbani MahdiBaghbani mentioned this pull request Oct 30, 2025
Closed
@MahdiBaghbani MahdiBaghbani marked this pull request as ready for review November 18, 2025 11:45
@kulmann
Copy link
Member

kulmann commented Dec 18, 2025

Since the backend PRs are merged by now we'll start reviewing the web part (this PR) next

@kulmann kulmann mentioned this pull request Dec 18, 2025
Closed
2 tasks
kulmann
kulmann reviewed Jan 16, 2026
View reviewed changes
Copy link
Member

@kulmann kulmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @MahdiBaghbani thank you for this contribution! Looked at it today, together with @JammingBen and it looks good so far. We have some ideas for improvements but would do those as a followup to your PR (using vue-concurrency for loading and error states on requests, pushing modals to the modals store, etc - nothing you need to dig into ;-) ). We're struggling to get this running on local dev machines, because self signed certificates seem to be an issue in server-to-server OCM communication on the discover endpoint.

web_opencloud_federated  | 2026-01-16T10:59:17Z DBG invalid or empty response, falling back to legacy discovery error="error doing OCM discovery request: Get \"https://host.docker.internal:9200/.well-known/ocm\": tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match host.docker.internal" host.name=8b048db1af8f line=github.com/opencloud-eu/reva/v2@v2.41.1-0.20260107152322-93760b632993/internal/http/services/ocmd/client.go:64 pkg=rhttp request-id=498f94eb-eee5-4c99-9dfb-68eef885224f response= sender=https://host.docker.internal:9200/.well-known/ocm service=ocm traceid=950ccab567f399c8dcc7cb6504ab7656

Do you have any hints for us how to get this running with self signed certs? 🙈

@MahdiBaghbani MahdiBaghbani mentioned this pull request Feb 25, 2026
Merged
@MahdiBaghbani
Copy link
Contributor Author

MahdiBaghbani commented Feb 25, 2026
edited
Loading

Hello there, sorry for a very late reply, I had serious internet connection problems during last month.

As I always test on the public facing URLs with auto Let's Encrypt certificates I didn't notice this during dev.

Since the client has the InsecureSkipVerify: insecure from ocmd/client.go, it is possible to set the config:

[http.services.sciencemesh]
ocm_client_insecure = true

Since this needs additional wiring in the OpenCloud, I've opened a PR for it: opencloud-eu/opencloud#2404

One thing you can do (if you don't like to add that option) is to follow this StackOverflow guide and regenerate the certs to have the internal docker as certificate names and hopefully bypass the error.

kulmann
kulmann approved these changes Feb 26, 2026
View reviewed changes
Copy link
Member

@kulmann kulmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was finally able to test this (successfully 🥳 ), thanks to your latest adjustments in OpenCloud. Thank you for your contribution! Very much appreciated 😍

@kulmann kulmann merged commit 0071caa into opencloud-eu:main Feb 26, 2026
29 checks passed
@openclouders openclouders mentioned this pull request Feb 26, 2026
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kulmann kulmann kulmann approved these changes

Assignees

No one assigned

Labels

Type:Enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MahdiBaghbani @kulmann