Switch to use Action Provider Tools Blueprint

[sirosen]

👋 Hi, Globus developer here!

We have some changes the team has been working on to improve Action Provider Tools, in particular to improve the ways in which it interacts with the Globus Auth and Groups services.
As a result, we're removing add_action_routes_to_blueprint in favor of only supporting the ActionProviderBlueprint path -- this gives all of us (library maintainers and users) a handle on some specific object or abstraction which the library is providing, and will allow us to expose the coming changes more cleanly.
The latest release (0.19.1) still provides add_action_routes_to_blueprint, but it will be removed in the next one (probably v0.20.0).

I'm suggesting this change to try to help you update, but I wasn't able to run the testsuite in this repo, as it appears to require credentials.
Please let me know if there's more we can do to assist!

---

'add_action_routes_to_blueprint' is being removed in an upcoming release. The activities which it performed are better encapsulated by 'ActionProviderBlueprint', which is available in all recent versions of Action Provider Tools.

The blueprint provides registration methods which can be used as decorators, but to preserve the semantics of the current application as much as possible, I have refrained from using them as such.
The registration calls are made imperatively in the app factory, similar to how the add_action_routes_to_blueprint function behaved.

The ActionProviderBlueprint looks up client credentials from app config based on the name of the blueprint, so the client credential names are set appropriately in app config to match.

[sirosen]

I see that there's an error in CI after this merged. It looks like the client secret isn't being picked up correctly. I'm puzzled as to why that might be -- the code should be looking for DISAPORA_CLIENT_ID and DIASPORA_CLIENT_SECRET, based on the name of the blueprint being "diaspora".

Let me know if I can help dig into this. It's a little difficult for me to help out without being able to run tests on my changes. 😅

[haochenpan]

Hi Stephen,

Thank you for the pull request and for bringing the AP update to our attention! I pushed the changes directly to the main branch without waiting for GitHub Actions to verify, as I assumed the workflow would execute there correctly.

As you mentioned, and as I can verify on my end, even though the PR successfully sets these variables:

app.config.DIASPORA_CLIENT_ID = CLIENT_ID
app.config.DIASPORA_CLIENT_SECRET = CLIENT_SECRET

Retrieving them using:

client_id = app.config.get(provider_prefix + "CLIENT_ID")
client_secret = app.config.get(provider_prefix + "CLIENT_SECRET")

inside _create_token_checker still returns None. This issue is causing both pytest and python action_provider/main.py to fail.

For reference, here is the current structure of my secrets.sh:

#!/bin/bash

export AWS_ACCESS_KEY_ID="*****"
export AWS_SECRET_ACCESS_KEY="*****"

# action provider
export CLIENT_ID="2b9d2f5c-fa32-45b5-875b-b24cd343b917"
export CLIENT_SECRET="*****"
export CLIENT_SCOPE="https://auth.globus.org/scopes/2b9d2f5c-fa32-45b5-875b-b24cd343b917/action_all"
export DEFAULT_SERVERS="b-1-public.diaspora.fy49oq.c9.kafka.us-east-1.amazonaws.com:9198,b-2-public.diaspora.fy49oq.c9.kafka.us-east-1.amazonaws.com:9198"

# web service
export SERVER_CLIENT_ID="2b9d2f5c-fa32-45b5-875b-b24cd343b917"
export SERVER_SECRET="*****"

Let me know if you have any insights or suggestions on resolving this issue!

[haochenpan]

The fix is surprisingly simple: https://github.com/haochenpan/diaspora-service/pull/43/files