Alyssa Coghlan
Alyssa Coghlan
New branch in my repo based on @jeremycline's updates and getting the tests green again: https://github.com/ncoghlan/anitya/tree/authenticated-api Figuring out a test strategy will be the next key step. Would it be...
I think that setting is false in my original just-for-initial-local-tinkering openid-connect branch, but has been fixed in the new branch based on Jeremy's work. Regarding testing, I realised checking against...
Latest update to https://github.com/ncoghlan/anitya/tree/authenticated-api splits the API tests into four categories as follows: - anonymous access (these are the existing API tests) - requires authentication (currently empty, will test that...
I'd missed that @jeremycline had moved the new Flask-RESTful based endpoint out to a new "v2" API definition. That's a good idea, and means the test cases can be put...
Latest commit on the branch refactors the API so that features that normally require authentication can be tested without needing an OIDC server in the test environment: https://github.com/ncoghlan/anitya/commit/6eae55db2d50f942a715d17481ac51169e0d0d48 It also...
@puiterwijk Where can I find documentation on how to use `client_secrets.json` to request a valid OIDC access token from FAS?
The most useful resource I've found so far is http://connect2id.com/learn/openid-connect#example-auth-code-flow, which I'm currently working through attempting to substitute in values from the `client_secrets.json` file, but it's really unclear how the...
Looks like Digital Ocean have a good write-up of the underlying OAuth 2.0 mechanisms for the client authorization request and token update flows: https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
It turns out that `requests` does support token retrieval, it just wasn't documented very well so I missed it when I first looked at the docs: https://github.com/kennethreitz/requests/pull/3804 So the latest...
Just for interest, the author of https://github.com/h2non/nightmare-google-oauth2 pointed out that you can actually take the token retrieval automation a step further and issue the authorization request from the command line...