Diffusion Web applications 7bd24236ab9e

auth: Generate bearer token using OIDC Authorization Code flow
7bd24236ab9e
Actions

Tags

None

Subscribers

None

Description

auth: Generate bearer token using OIDC Authorization Code flow

Instead of using the OIDC Direct Grant flow to generate bearer tokens
for Web API authentication, use the more secured Authorization Code
flow (as in webapp login) to avoid proxying SSO credentials from django
backend to Keycloak server.

As a consequence, previously stored encrypted tokens in webapp database
has to be removed as the encryption scheme has changed. Hopefully,
there is currently only a couple in production database generated by
swh staff members so the impact will be quite limited.

Details

Provenance

anlambert	Authored on Dec 7 2020, 7:01 PM
anlambert	Pushed on Dec 10 2020, 4:24 PM

Differential Revision

D4692: auth: Generate bearer token using OIDC Authorization Code flow

Parents

rDWAPPSbdacba90d0d9: api: Add missing origin visits URL in /origin/search/ endpoint response

Branches

Unknown

Tags

Unknown

Build Status

Buildable 17872
Build 27613: test-and-build	Jenkins console · Jenkins

Event Timeline

anlambert added an edge: D4692: auth: Generate bearer token using OIDC Authorization Code flow.Dec 10 2020, 4:25 PM

anlambert committed rDWAPPS7bd24236ab9e: auth: Generate bearer token using OIDC Authorization Code flow (authored by anlambert).Dec 10 2020, 4:02 PM

Harbormaster completed building B17872: rDWAPPS7bd24236ab9e: auth: Generate bearer token using OIDC Authorization Code flow.Dec 10 2020, 4:32 PM

swh-public-ci mentioned this in D4697: auth: Implement access token renewal in OIDC Authorization Code backend.Dec 10 2020, 4:37 PM

swh-public-ci mentioned this in D4727: assets/revision: Fix a couple of bugs related to events handling.Dec 11 2020, 4:12 PM

swh-public-ci mentioned this in D4728: misc/coverage: Add Guix logo.Dec 11 2020, 4:40 PM

Changes (8)

Path

Size

cypress/

integration/

api-tokens.spec.js

swh/

web/

assets/

src/

bundles/

auth/

auth/

migrations/

0002_remove_stored_tokens.py

settings/

tests/

auth/

keycloak_mock.py

rDWAPPS7bd24236ab9e

cypress/integration/api-tokens.spec.js

Loading...

swh/web/assets/src/bundles/auth/index.js

Loading...

swh/web/auth/keycloak.py

Loading...

swh/web/auth/migrations/0002_remove_stored_tokens.py

Loading...

swh/web/auth/views.py

Loading...

swh/web/settings/tests.py

Loading...

swh/web/tests/auth/keycloak_mock.py

Loading...

swh/web/tests/auth/test_views.py

Loading...