Flask-oidc
==========

Purpose
-------

Flask-oidc is a library used across the Fedora infrastructure. For
authentication it uses the oauth2client library, which is now deprecated and
no longer maintained. It will need to be replaced.

Resources
---------

* Flask-oidc code: https://github.com/puiterwijk/flask-oidc
* Bodhi implementation: https://github.com/fedora-infra/bodhi/tree/develop/bodhi-server/bodhi/server/auth
* Authlib docs: https://docs.authlib.org/en/latest/basic/index.html

Investigation
-------------

Here is the list of ideas/things we discussed/looked at:

.. toctree::
   :maxdepth: 1

   gooogle-auth vs authlib
   authlib initialisation

Conclusions
-----------

Authlib is the new industry standard and looks to be a suitable replacement for
oauth2client. The flask-oidc code would need to be rewritten to replace all the
oauth2client code.

The flow of the code would need to be adjusted to work with the new library.
Google-auth and authlib were looked at for this investigation and it was
suggested that authlib looks like a better replacement.

Proposed Roadmap
----------------

1. Find all instances of oauth2client code in the current flask-oidc code
2. Map the functionality of this code and what will be needed from the new library
3. Write the flow to replicate this functionality using the new library
4. Cut a new release using the updated code
5. (Optional) Update all apps in the Fedora infra which require this module
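
Steps 1 and 2 of the roadmap can start from an inventory of which oauth2client names the code uses and where. The script below is an added example, not part of flask-oidc or of this investigation: it resolves import aliases with Python's ``ast`` module and reports each fully qualified oauth2client name with the lines that use it. ``SAMPLE`` is constructed input, and ``inventory`` is a hypothetical helper name.

```python
import ast

PKG = "oauth2client"  # the deprecated dependency this page wants to replace
# Constructed sample, not flask-oidc's own source.
SAMPLE = '''\
import oauth2client.client as oc
from oauth2client.client import OAuth2Credentials

def restore(blob):
    try:
        return OAuth2Credentials.from_json(blob)
    except oc.AccessTokenRefreshError:
        return None
'''

class _Inventory(ast.NodeVisitor):
    def __init__(self):
        self.aliases = {}  # local name -> fully qualified oauth2client name
        self.uses = {}     # fully qualified name -> set of line numbers

    def visit_Import(self, node):
        for a in node.names:  # "import a.b" binds "a"; "import a.b as c" binds c to a.b
            if (a.name + ".").startswith(PKG + "."):
                self.aliases[a.asname or PKG] = a.name if a.asname else PKG

    def visit_ImportFrom(self, node):
        if node.level == 0 and ((node.module or "") + ".").startswith(PKG + "."):
            for a in node.names:
                self.aliases[a.asname or a.name] = f"{node.module}.{a.name}"

    def visit_Attribute(self, node):
        parts, base = [], node
        while isinstance(base, ast.Attribute):  # unwind a.b.c down to its root name
            parts.append(base.attr)
            base = base.value
        if isinstance(base, ast.Name) and base.id in self.aliases:
            name = ".".join([self.aliases[base.id], *reversed(parts)])
            self.uses.setdefault(name, set()).add(node.lineno)
        else:
            self.generic_visit(node)

    def visit_Name(self, node):
        if node.id in self.aliases:
            self.uses.setdefault(self.aliases[node.id], set()).add(node.lineno)

def inventory(source):  # returns {qualified name: sorted lines that use it}
    visitor = _Inventory()
    visitor.visit(ast.parse(source))
    return {name: sorted(lines) for name, lines in visitor.uses.items()}
```

Running ``inventory`` over each ``.py`` file in the flask-oidc tree gives the list of calls that the Authlib-based flow has to cover.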