
User interface to register, authorize, view, and revoke Toolhub OAuth grants
Closed, Resolved, Public

Description

  • View list of all OAuth applications
  • View list of OAuth applications the user owns
  • Create new OAuth application
  • Update callback URL of existing OAuth application
  • Delete OAuth application
  • View list of OAuth applications that the user has authorized
  • Delete OAuth application authorization

Event Timeline

bd808 triaged this task as Medium priority. Oct 8 2020, 11:34 PM
bd808 removed a project: Goal.

On the Django side we should probably customize the styling of the /o/authorize/ screen too.

API endpoints built out for T264812: API OAuth backend:

  • GET /api/oauth/applications/ - list of all client applications
    • A user__username=... query parameter can be supplied to filter the list to only client applications created by the given user.
  • POST /api/oauth/applications/ - register a new client application
  • GET /api/oauth/applications/{client_id}/ - client application detail
  • DELETE /api/oauth/applications/{client_id}/ - delete application
  • PATCH /api/oauth/applications/{client_id}/ - update application
  • GET /api/oauth/authorized/ - list of all client applications authorized by the current user
  • GET /api/oauth/authorized/{id}/ - client application authorization
  • DELETE /api/oauth/authorized/{id}/ - revoke client application authorization

The API for creating new applications enforces an opinionated configuration:

  • All clients are marked as "confidential", so the UI should tell folks that "public" clients are not supported currently.
  • All clients are forced to use the authorization code grant type.
  • Clients are only allowed one callback URL.
  • The callback URL provided during authorization must be an exact match for the configured callback URL.
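
The four registration rules listed in the comment above, as an added example that is not Toolhub's code and not part of the original comment. The field names, the grant-type string and the sample URLs are assumptions made for illustration; the prefix matcher is included only to show which callback values an exact match rejects.

```python
CONFIDENTIAL = "confidential"
AUTH_CODE = "authorization-code"  # assumed spelling of the grant type value


def register_client(request):
    """Build a client record; field names are assumptions, not the API schema."""
    callbacks = request.get("redirect_url", "").split()
    if len(callbacks) != 1:
        # Assumption: extra URLs are rejected rather than silently dropped.
        raise ValueError("exactly one callback URL is allowed")
    return {
        "name": request["name"],
        "client_type": CONFIDENTIAL,            # requested type is ignored
        "authorization_grant_type": AUTH_CODE,  # requested grant is ignored
        "redirect_url": callbacks[0],
    }


def callback_allowed(client, presented):
    """Exact string comparison with the single registered callback URL."""
    return presented == client["redirect_url"]


def callback_allowed_prefix(client, presented):
    """Looser prefix comparison, shown only for contrast."""
    return presented.startswith(client["redirect_url"])


# Constructed sample data using reserved .example names.
SAMPLE_CLIENT = register_client({
    "name": "demo-tool",
    "client_type": "public",
    "authorization_grant_type": "implicit",
    "redirect_url": "https://demo-tool.example/oauth/callback",
})
PRESENTED = [
    "https://demo-tool.example/oauth/callback",
    "https://demo-tool.example/oauth/callback/../other",
    "https://demo-tool.example/oauth/callback?extra=1",
    "https://demo-tool.example/oauth/callback.elsewhere.example/",
    "HTTPS://demo-tool.example/oauth/callback",
]


def compare():
    """Return (url, exact_result, prefix_result) for each presented URL."""
    return [(u, callback_allowed(SAMPLE_CLIENT, u),
             callback_allowed_prefix(SAMPLE_CLIENT, u)) for u in PRESENTED]
```

Only the first presented URL passes the exact comparison, while the prefix comparison also accepts the next three.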

Change 655550 had a related patch set uploaded (by Srishakatux; owner: Srishakatux):
[wikimedia/toolhub@main] User interface to register, authorize, view, and revoke Toolhub OAuth grants.

https://gerrit.wikimedia.org/r/655550

Change 655550 merged by jenkins-bot:
[wikimedia/toolhub@main] User interface to register, authorize, view, and revoke Toolhub OAuth grants.

https://gerrit.wikimedia.org/r/655550