From 86b8a42a67300ea3dc50c3c49977b4cb139deb3f Mon Sep 17 00:00:00 2001 From: Mark O Brien Date: Mon, 4 Apr 2022 15:00:02 +0100 Subject: [PATCH] forgot to git add files Signed-off-by: Mark O Brien --- docs/flask-oidc/authlib_code.rst | 22 ++++++++++++++++++++++ docs/flask-oidc/oauthlib_authlib.rst | 26 ++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 docs/flask-oidc/authlib_code.rst create mode 100644 docs/flask-oidc/oauthlib_authlib.rst diff --git a/docs/flask-oidc/authlib_code.rst b/docs/flask-oidc/authlib_code.rst new file mode 100644 index 0000000..b82c40c --- /dev/null +++ b/docs/flask-oidc/authlib_code.rst @@ -0,0 +1,22 @@ +Authlib +========= + +Discussion +---------- + +Authlib implementation for Flask. Flask-oidc uses ouath2client to create a flow +based on client secrets using this function `client.flow_from_clientsecrets https://oauth2client.readthedocs.io/en/latest/source/oauth2client.client.html#oauth2client.client.flow_from_clientsecrets`_. +to create an ouath2 webserver flow which validates based on oidc tokens. +This needs to be replaced using a new library. + +Authlib +------ +Authlib has the functionality to follow this flow and use oidc on top of oauth2 +functionality https://docs.authlib.org/en/latest/client/oauth2.html#oauth-2-openid-connect + + + +Conclusion +---------- +Authlib provides the necessary tooling to do this replacement which shows it as +suitable for a replacement diff --git a/docs/flask-oidc/oauthlib_authlib.rst b/docs/flask-oidc/oauthlib_authlib.rst new file mode 100644 index 0000000..b5fe08d --- /dev/null +++ b/docs/flask-oidc/oauthlib_authlib.rst @@ -0,0 +1,26 @@ +Oauthlib vs Authlib +===================== + +Resources +--------- + +* Oauthlib: https://oauthlib.readthedocs.io/en/latest/ +* Authlib: https://docs.authlib.org/en/latest/ + + +Discussion +--------- +Which library should be used to replace the currently used and deprecated +oauth2client. The two main contenders are Oauthlib and Authlib. + +Authlib is the more popular of the two choices as seen in this `graph https://python.libhunt.com/compare-authlib-vs-oauthlib`_. +For flask the oauthlib developers themselves recommend using authilib +https://github.com/lepture/flask-oauthlib#readme + + +Conclusion +--------- +Authlib seems to be the best candidate for this initiative. There is knowledge +in the team of the library as it was used in bodhi. It also appears to have an +easier to implement and has a flask integration and is recommended for use by +the developer.