
API OAuth backend
Closed, Resolved · Public

Description

API endpoints that create, update, or delete data will need authentication and authorization controls. Toolhub is intended to be "API first" and open for people to create alternate front ends and clients. It should be possible for these front ends/clients to perform authenticated tasks. It should also be possible for that authentication to act as a proxy for another user, to preserve attribution/ownership of the data.

To enable authentication at all, we will need some method other than an OAuth handshake with metawiki (as that will not work for something like a CLI tool). For rights delegation from other users, OAuth is really the "best" answer in the industry. Bringing these requirements together makes it reasonable for Toolhub to act as an OAuth authorization server. This will allow "client credentials" grants, suitable for authenticating as a single user, and also "authorization code" grants, suitable for use by a server-side application.

  • Django backend OAuth authorization server allowing registration of new client applications
  • API endpoints for OAuth client registration
    • GET /api/oauth/applications/ - list of all registered client applications
    • POST /api/oauth/applications/ - register a new client application
    • GET /api/oauth/applications/{client_id}/ - client application detail
    • DELETE /api/oauth/applications/{client_id}/ - delete client application
    • PATCH /api/oauth/applications/{client_id}/ - update client application
    • GET /api/oauth/authorized/ - list of all client applications authorized by the current user
    • GET /api/oauth/authorized/{client_id}/ - client application authorization
    • DELETE /api/oauth/authorized/{client_id}/ - revoke client application authorization
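The following is an added example, not Toolhub's code or the django-oauth-toolkit implementation the project ships: a small in-memory model of the checks an authorization server has to make behind the endpoints listed above. It covers client registration (secret hashed at rest, returned once), the authorization-code grant with a PKCE challenge and exact redirect URI match, single-use codes, the client-credentials grant acting as the registering user, and per-user revocation that also invalidates issued tokens. All class, method and URL values (https://app.example/cb and the like) are assumptions for illustration.

```python
"""Toy OAuth 2.0 authorization-server core (added example, not Toolhub's code).

Models the checks behind the endpoints in the task description with in-memory
dicts. Class and method names are illustrative assumptions.
"""
import base64
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Client:
    client_id: str
    owner: str           # user who registered the app; client_credentials acts as them
    secret_hash: str     # sha256 of the secret; the plaintext is returned once at registration
    redirect_uris: tuple


@dataclass
class AuthCode:
    client_id: str
    user: str
    redirect_uri: str
    code_challenge: str
    expires_at: float


def _sha256(s):
    return hashlib.sha256(s.encode()).hexdigest()


def s256_challenge(verifier):
    """PKCE S256 transform (RFC 7636): base64url(sha256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def make_pkce():
    """Client side: random verifier plus the challenge sent with the authorization request."""
    verifier = secrets.token_urlsafe(32)
    return verifier, s256_challenge(verifier)


class AuthServer:
    CODE_TTL = 60  # seconds; authorization codes are short-lived

    def __init__(self):
        self.clients, self.codes, self.tokens, self.authorized = {}, {}, {}, {}

    # POST /api/oauth/applications/
    def register_client(self, owner, redirect_uris):
        client_id, secret = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self.clients[client_id] = Client(client_id, owner, _sha256(secret), tuple(redirect_uris))
        return client_id, secret  # only the hash is stored server-side

    def _authenticate_client(self, client_id, client_secret):
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client.secret_hash, _sha256(client_secret)):
            raise ValueError("invalid_client")
        return client

    def _issue_token(self, client_id, user):
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (client_id, user)
        return token

    # Authorization endpoint, after the user consents: the code is bound to the
    # client, the exact redirect_uri and the PKCE challenge, and the grant is
    # recorded (what GET /api/oauth/authorized/ would list for this user).
    def issue_code(self, client_id, user, redirect_uri, code_challenge):
        client = self.clients.get(client_id)
        if client is None or redirect_uri not in client.redirect_uris:
            raise ValueError("invalid_request")  # exact match only, never prefix matching
        code = secrets.token_urlsafe(24)
        self.codes[code] = AuthCode(client_id, user, redirect_uri, code_challenge,
                                    time.time() + self.CODE_TTL)
        self.authorized.setdefault(user, set()).add(client_id)
        return code

    # Token endpoint, grant_type=authorization_code
    def exchange_code(self, client_id, client_secret, code, redirect_uri, code_verifier):
        self._authenticate_client(client_id, client_secret)
        ac = self.codes.pop(code, None)  # consumed on the first attempt, valid or not
        if (ac is None or ac.client_id != client_id or ac.redirect_uri != redirect_uri
                or time.time() > ac.expires_at
                or not hmac.compare_digest(s256_challenge(code_verifier), ac.code_challenge)):
            raise ValueError("invalid_grant")
        return self._issue_token(client_id, ac.user)

    # Token endpoint, grant_type=client_credentials: no consent step; the token
    # acts as the user who registered the client (e.g. a personal CLI tool).
    def client_credentials(self, client_id, client_secret):
        client = self._authenticate_client(client_id, client_secret)
        return self._issue_token(client_id, client.owner)

    # GET /api/oauth/authorized/
    def list_authorized(self, user):
        return sorted(self.authorized.get(user, ()))

    # DELETE /api/oauth/authorized/{client_id}/ : drop the grant and every token it produced
    def revoke(self, user, client_id):
        self.authorized.get(user, set()).discard(client_id)
        self.tokens = {t: v for t, v in self.tokens.items() if v != (client_id, user)}

    # Resource-server side: which user does a bearer token act for, if any?
    def user_for_token(self, token):
        entry = self.tokens.get(token)
        return entry[1] if entry else None
```

Two design points worth noting against the endpoint list: a code is popped from storage before any validation, so a failed exchange (wrong verifier, wrong redirect_uri) burns it rather than leaving it replayable, and revoking an authorization removes the user's tokens for that client rather than only the listing entry, which is what a user clicking "revoke" expects.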

Event Timeline

bd808 triaged this task as Medium priority. Oct 6 2020, 10:33 PM
bd808 moved this task from Backlog to In Progress on the Toolhub board.

Change 654345 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[wikimedia/toolhub@main] api: Add OAuth 2.0 authorization server endpoints

https://gerrit.wikimedia.org/r/654345

Change 654345 merged by jenkins-bot:
[wikimedia/toolhub@main] api: Add OAuth 2.0 authorization server endpoints

https://gerrit.wikimedia.org/r/654345