Anitya is moving to authlib and it would need to know the CLIENT_ID and CLIENT_SECRET for fedora (ipsilon I guess).
When possible
Metadata Update from @mohanboddu: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: low-gain, low-trouble, ops
Is this OIDC?
If so:
To help us register your application in our OIDC service, we need some information from you:

Note: all the default values provided here are based on the default choice/implementation of flask-oidc. If you do not use this library you may have to refer to the documentation of your library.

Some generic information first:

- What is the application main URL?
- Who will be the main contact for the application, or will this be core infrastructure?
- What privacy policy will be applicable to the application, or will this be the standard Fedora privacy policy?

Some more OIDC specific information then:

- Which redirect URI(s) will the application use?
  - flask-oidc defaults to: <APPLICATION_URL>/oidc_callback but it's configurable (so double-check)
- Does the application need the user names, or will an application-specific pseudonym suffice?
  - ie: using flask-oidc, do you ever rely on OIDC.user_getfield('sub') to get the user's username. If not, this question likely does not matter for your application
- Which authorization flow does the application use?
  - flask-oidc: authorization_code
- Which token authentication method does the application use?
  - flask-oidc: client_secret_post
- Which response type does the application rely on?
  - flask-oidc: Code
Yes, it is OIDC. In fact, maybe there already is CLIENT_ID and CLIENT_SECRET for Anitya (release-monitoring), when it was using social_auth? If so, I'd be fine with the old ones I guess.
https://release-monitoring.org/
mkonecny
standard
Some more OIDC specific information then:

- Which redirect URI(s) will the application use?
  - flask-oidc defaults to: <APPLICATION_URL>/oidc_callback but it's configurable (so double-check)

  <APPLICATION_URL>/auth/fedora

- Does the application need the user names, or will an application-specific pseudonym suffice?
  - ie: using flask-oidc, do you ever rely on OIDC.user_getfield('sub') to get the user's username. If not, this question likely does not matter for your application

  I'm not too sure here, but to get the user name would be better I think.

- Which authorization flow does the application use?
  - flask-oidc: authorization_code

  authorization_code

- Which token authentication method does the application use?
  - flask-oidc: client_secret_post

  I think client_secret_basic, but client_secret_post should work too.

- Which response type does the application rely on?
  - flask-oidc: Code

  code
ok. I made them for both prod and staging.
The client_id is anitya for both. The secret is in private ansible vars and can be referred to as: anitya_oidc_client_secret_stg and anitya_oidc_client_secret_prod
Please let me know if there is anything more you need for this. :) Sorry for the delay...
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Thanks a lot Kevin!
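The two token endpoint authentication methods named in the thread, client_secret_basic and client_secret_post, differ only in where the client credentials travel, and the method the application sends has to be one the provider accepts for that client. The following is an added example, not code from the ticket, Anitya or authlib; it builds the authorization_code token request both ways with the Python standard library. The redirect host and the secret are constructed placeholders; only the client_id `anitya` and the `/auth/fedora` path come from the thread.

```python
import base64
from urllib.parse import quote_plus, urlencode

# Only "anitya" and the /auth/fedora path come from the ticket;
# the host is a hypothetical placeholder.
CLIENT_ID = "anitya"
REDIRECT_URI = "https://app.example/auth/fedora"


def build_token_request(auth_method, code, client_secret,
                        client_id=CLIENT_ID, redirect_uri=REDIRECT_URI):
    """Return (headers, body) for the authorization_code token request."""
    form = {
        "grant_type": "authorization_code",
        "code": code,
        # Must be identical to the redirect URI registered for the client.
        "redirect_uri": redirect_uri,
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if auth_method == "client_secret_basic":
        # RFC 6749 section 2.3.1: form-encode id and secret, join with ":",
        # then send them as HTTP Basic credentials. Nothing secret in the body.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        token = base64.b64encode(pair.encode()).decode()
        headers["Authorization"] = f"Basic {token}"
    elif auth_method == "client_secret_post":
        # Credentials travel as form fields in the POST body instead.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    else:
        raise ValueError(f"unsupported auth method: {auth_method}")
    return headers, urlencode(form)


if __name__ == "__main__":
    secret = "constructed-secret"  # constructed sample, not a real secret
    for method in ("client_secret_basic", "client_secret_post"):
        headers, body = build_token_request(method, "sample-code", secret)
        print(method, "| Authorization:", headers.get("Authorization"))
        print("  body:", body)
```

In a deployment the secret would be injected from the private variable store mentioned above rather than written into the source.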