#10327 openid client_id and client_secret for anitya
Closed: Fixed 2 years ago by kevin. Opened 3 years ago by lenkaseg.

Describe what you would like us to do:

Anitya is moving to authlib and it would need to know the CLIENT_ID and CLIENT_SECRET for fedora (ipsilon I guess).

When do you need this to be done by? (YYYY/MM/DD)

When possible


Metadata Update from @mohanboddu:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: low-gain, low-trouble, ops

3 years ago

Is this OIDC?

If so:

To help us register your application in our OIDC service, we need a few
information from you:

Note: all the default values provided here are based on the default choice/
implementation of flask-oidc. If you do not use this library you may have to
refer to the documentation of your library.

Some generic information first:
- What is the application main URL?
- Who will be the main contact for the application, or will this be core
infrastructure?
- What privacy policy will be applicable to the application, or will this be
the standard Fedora privacy policy?

Some more OIDC specific information then:
- Which redirect URI(s) will the application use?
- flask-oidc defaults to: <APPLICATION_URL>/oidc_callback
but it's configurable (so double-check)
- Does the application need the user names, or will an application-specific
pseudonym suffice?
- ie: using flask-oidc, do you ever rely on OIDC.user_getfield('sub') to
get the user's username. If not, this question likely does not matter for
your application
- Which authorization flow does the application use?
- flask-oidc: authorization_code
- Which token authentication method does the application use?
- flask-oidc: client_secret_post
- Which response type does the application rely on?
- flask-oidc: Code

Yes, it is OIDC.
in fact, maybe there already is CLIENT_ID and CLIENT_SECRET for Anitya (release-monitoring), when it was using social_auth? If so, I'd be fine with the old ones I guess.

  • What is the application main URL?
    https://release-monitoring.org/
  • Who will be the main contact for the application, or will this be core
    infrastructure?
    mkonecny
  • What privacy policy will be applicable to the application, or will this be
    the standard Fedora privacy policy?
    standard

Some more OIDC specific information then:
- Which redirect URI(s) will the application use?
flask-oidc defaults to: <APPLICATION_URL>/oidc_callback
but it's configurable (so double-check)
<APPLICATION_URL>/auth/fedora
- Does the application need the user names, or will an application-specific
pseudonym suffice?
ie: using flask-oidc, do you ever rely on OIDC.user_getfield('sub') to
get the user's username. If not, this question likely does not matter for
your application
I'm not too sure here, but to get the user name would be better I think.
- Which authorization flow does the application use?
flask-oidc: authorization_code
authorization_code
- Which token authentication method does the application use?
flask-oidc: client_secret_post
I think client_secret_basic, but client_secret_post should work too.
- Which response type does the application rely on?
flask-oidc: Code
code

ok. I made them for both prod and staging.

The client_id is anitya for both.
The secret is in private ansible vars and can be referred to as: anitya_oidc_client_secret_stg and
anitya_oidc_client_secret_prod

Please let me know if there is anything more you need for this. :) Sorry for the delay...

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Log in to comment on this ticket.

Metadata
Boards 1
ops Status: Backlog