API OAuth backend
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	bd808
	Oct 6 2020, 10:09 PM

Description

API endpoints that create/update/delete data will need authentication and authorization controls. Toolhub is intended to be "API first" and open for people to create alternate front ends and clients. It should be possible for these front ends/clients to perform authenticated tasks. It should also be possible for that authentication to be acting as a proxy for another user to preserve attribution/ownership of the data. To enable authentication at all we will need some method other than an OAuth handshake with metawiki (as that will not work for something like a cli tool). For rights delegation from other users, OAuth is really the "best" answer in the industry. Bringing these requirements together makes it reasonable for Toolhub to act as an OAuth authorization server. This will allow "client credentials" grants that are suitable for use to authenticate as a single user, and also "authorization code" grants that are suitable for use by a server-side application.

Django backend OAuth authorization server allowing registration of new client applications
API endpoints for OAuth client registration
- GET /api/oauth/applications/ - list of all registered client applications
- POST /api/oauth/applications/ - register a new client application
- GET /api/oauth/applications/{client_id}/ - client application detail
- DELETE /api/oauth/applications/{client_id}/ - delete client application
- PATCH /api/oauth/applications/{client_id}/ - update client application
- GET /api/oauth/authorized/ - list of all client applications authorized by the current user
- GET /api/oauth/authorized/{client_id}/ - client application authorization
- DELETE /api/oauth/authorized/{client_id}/ - revoke client application authorization

Details

	Subject	Repo	Branch	Lines +/-
	api: Add OAuth 2.0 authorization server endpoints	wikimedia/toolhub	main	+429 -4

Customize query in gerrit

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Resolved		bd808	T264812 API OAuth backend
		Resolved		srishakatux	T264967 User interface to register, authorize, view, and revoke Toolhub OAuth grants

Event Timeline

bd808 created this task.Oct 6 2020, 10:09 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 6 2020, 10:09 PM

bd808 triaged this task as Medium priority.Oct 6 2020, 10:33 PM

bd808 removed a parent task: T195679: [Toolhub Milestone 2] Initial API and UI; toolinfo crawler.Dec 4 2020, 12:30 AM

bd808 claimed this task.Jan 3 2021, 9:12 PM

bd808 moved this task from Backlog to In Progress on the Toolhub board.

Restricted Application added a project: User-bd808. · View Herald TranscriptJan 3 2021, 9:12 PM

bd808 updated the task description. (Show Details)Jan 4 2021, 6:15 PM

Change 654345 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[wikimedia/toolhub@main] api: Add OAuth 2.0 authorization server endpoints

https://gerrit.wikimedia.org/r/654345

gerritbot added a project: Patch-For-Review.Jan 5 2021, 1:20 AM

bd808 mentioned this in T264967: User interface to register, authorize, view, and revoke Toolhub OAuth grants.Jan 5 2021, 4:22 PM

Change 654345 merged by jenkins-bot:
[wikimedia/toolhub@main] api: Add OAuth 2.0 authorization server endpoints

https://gerrit.wikimedia.org/r/654345

jenkins-bot mentioned this in rWTHU05f07de2c39d: api: Add OAuth 2.0 authorization server endpoints.Jan 5 2021, 4:33 PM

Maintenance_bot removed a project: Patch-For-Review.Jan 5 2021, 5:10 PM

bd808 closed this task as Resolved.Jan 6 2021, 9:31 PM

bd808 added a project: Developer-Advocacy (Jan-Mar 2021).Jan 14 2021, 5:29 PM

bd808 closed subtask T264967: User interface to register, authorize, view, and revoke Toolhub OAuth grants as Resolved.Feb 5 2021, 6:47 PM