Upgrade ScribeJava to latest version #5991
Comments
…mpatible with recent ScribeJava library. Refactored code structure a bit, too.
…actor base class to avoid code duplication when generating the user record.
Yes. This reminds me of this issue: "As a Dataverse Installation Administrator, I want to add an alternative OAuth provider as a plugin, so that I don't have to fork the core code" #4383 @poikilotherm will your current effort help with this? You might be interested in the slide below about federated login presented by @philippconzett during the 2019 community meeting: https://osf.io/cqsrj/ A video of this talk is available: https://youtu.be/vAPpKuDQUDY?t=746
I don't see any tests yet in pull request #5997. 😄
Hey @pdurbin
I referenced #4383 in my description already... 😉 To answer your question: it might help. People need to attach their IDM to the other services. This is definitely possible, like it has been done with Unity IDM to connect to a lot more providers than currently exist in Dataverse (see b2access as an example, offering Win Live and Facebook).
I wasn't clear enough... There are currently no unit tests at all for the business logic of the OAuth stuff. Before I add any unit tests I would like to know if you guys like what you see... (I prefer test driven design, but I really need to get things done now 😉.)
The list of authorized scopes doesn't have to be in the same order as we send it. So better check the single scope names on their own. Relates to IQSS#5991.
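An added example (not code from the pull request or from Dataverse) of the order-independent check the commit message above describes: both scope strings are split into scope names and compared as sets. The class name, method names and sample scope values are hypothetical; the handling of a missing `scope` field follows RFC 6749, section 5.1.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.stream.Collectors;

public class ScopeCheck {

    /** Split a space-delimited OAuth2 scope string (RFC 6749, section 3.3) into scope names. */
    static Set<String> parse(String scope) {
        if (scope == null || scope.trim().isEmpty()) {
            return new LinkedHashSet<>();
        }
        return Arrays.stream(scope.trim().split("\\s+"))
                .collect(Collectors.toCollection(LinkedHashSet::new));
    }

    /**
     * Return the requested scope names that the token response did not grant.
     * The comparison is per scope name, so the order chosen by the IdP is irrelevant.
     */
    static Set<String> missingScopes(String requested, String granted) {
        if (granted == null) {
            // The server may omit "scope" when it is identical to the request
            // (RFC 6749, section 5.1), so nothing is missing in that case.
            return new LinkedHashSet<>();
        }
        Set<String> missing = parse(requested);
        missing.removeAll(parse(granted));
        return missing;
    }

    public static void main(String[] args) {
        String requested = "openid email profile"; // constructed sample values
        // Same scopes, different order: a plain string comparison would wrongly reject this.
        System.out.println("reordered: " + missingScopes(requested, "profile openid email"));
        // The IdP granted less than was asked for: the missing name is reported.
        System.out.println("narrowed:  " + missingScopes(requested, "openid profile"));
        // The IdP left the scope field out of the token response.
        System.out.println("omitted:   " + missingScopes(requested, null));
    }
}
```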
Since the introduction of OAuth2 the scope attribute of all saved tokens has been "null", as there seemed to be a bug with ScribeJava. Upgrading from v3.3.6 to v6.8.1 resulted in exceptions due to the scope being saved now, but violating the 64 char limit. As the persisted data has not been in use ever since (the scope is always retrieved from the IdP implementation), the attribute has been removed to save database space and avoid the exception. An appropriate SQL migration script for Flyway has been added. Relates to IQSS#5991.
The GitHub auth provider had been implemented with no scope. Thus only public information is used, the user needs to provide his or her mail address on first login page. Relates to IQSS#5991.
I'm seeing that the PR #5997 has just been merged. Why is the flyway script named V4.18.0.1__5991-update-scribejava.sql? - The current version is V4.17. But let's be careful about keeping the established numbering scheme going forward; which is to build on top of the current version in pom.xml.
Alright, let's close this as done. I'm opening new issues for the further work.
This is an implementation task for the salvation of #5974
With the current OAuth2 providers, you can only connect to specific providers. For using an IDM/IAM, we need a more general approach, more like mentioned in #4383.
These days, OpenID Connect defines a common standard based on OAuth2, where at least some scopes and claims are standardized. ScribeJava offers some (very) limited support for using the standard, so let's try this...