Roundup Tracker - Issues

Issue 2551239

classification
Enable openid/login with github on this tracker, possibly include as plugin addon
Type: rfe Severity: normal
Components: Infrastructure Versions:
process
Status: new
:
: : rouilj
Priority: : Effort-High

Created on 2022-11-13 16:25 by rouilj, last changed 2024-05-01 18:13 by rouilj.

Messages
msg7660 Author: [hidden] (rouilj) Date: 2022-11-13 16:25
We are getting a number of visits to roundup issue tracker from github. It would be nice
to implement login with github used on the old BPO tracker here.

  https://github.com/psf/bpo-tracker-cpython/blob/master/extensions/oic_login.py

(not sure why it's named oic_login and not oidc_login but...) which calls the
oic_return action from:

  https://github.com/psf/bpo-tracker-cpython/blob/master/extensions/openid_login.py

As part of getting the code working:

  0) code currently written in python2, needs to be py2/py3 compatible
  1) providers should be configurable in extensions/config.ini file.
     maybe under the [oic_providers] tag. This replaces PROVIDER_URL_MAP in the code.
  2) other config settings should be available in the same file.
  3) There are hardcoded constants for PROVIDER_GITHUB and PROVIDER_GOOGLE that
     are sprinkled through the code. Can this be abstracted so that the provider can be
     defined in the [oic_providers] and the key is used to perform table lookups
     for new providers defined by additions to a table in the class using init.py.

     so rather than:

        # Github does not support dynamically resolving OpenID configuration.
        if provider_name == PROVIDER_GITHUB:
            self.scopes = ['user:email', 'read:user']
            client.provider_info = {
                'authorization_endpoint': 'https://github.com/login/oauth/authorize',
                'token_endpoint': 'https://github.com/login/oauth/access_token',
            }
            client.handle_provider_config(client.provider_info, 'GitHub')
        else:
            client.provider_info = client.provider_config(provider)

    we get something like:

        if provider_name in self.config.scopes:
            self.scopes = self.config.scopes[provider_name]

        if provider_name in self.config.provider_info:  # dynamic config not supported
            client.provider_info = self.config.provider_info[provider_name]
            client.handle_provider_config(client.provider_info, 'GitHub')
        else:  # key is not defined because we can do dynamic config
            client.provider_info = client.provider_config(provider)

where self.config provides the table to perform lookups of config params
and will be changeable by at least init.py or possibly in extensions/config.ini.

I am not sure how far to push #2. Setting providers should be done in config.ini
especially if they are able to do dynamic config. How far config for providers
that need additional config settings should be configurable in config.ini is open.
In theory we can define all the settings for self.config.provider_info in the same
way as the logging module. But that is really a pain and confusing as config.ini is not
really set up to define a random data structure.


I expect the required libraries to already be on the platform since this worked for b.p.o.


We would also need to get an oauth key as well from github. Probably should come from the
roundup-tracker org.

Good learning experience for somebody interested in OIDC, OIC
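
The table-lookup idea from the message above, as an added example that is not part of the issue and is not code from Roundup or the bpo tracker: a Python 3 loader that turns a config.ini fragment into the `scopes` and `provider_info` tables and rejects any endpoint that is not https. The per-provider `[oic_provider.<name>]` section layout, the option names and the function names are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample; section and option names are assumptions, not Roundup's.
SAMPLE_INI = """
[oic_providers]
google = https://accounts.google.com
github = https://github.com

[oic_provider.github]
scopes = user:email, read:user
authorization_endpoint = https://github.com/login/oauth/authorize
token_endpoint = https://github.com/login/oauth/access_token
"""

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint")


def require_https(url, where):
    """Reject URLs that would carry authorization codes or tokens in cleartext."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("%s must be an absolute https URL: %r" % (where, url))
    return url


def load_providers(ini_text):
    """Return (providers, scopes, provider_info) lookup tables keyed by name."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    providers, scopes, provider_info = {}, {}, {}
    for name, issuer in cp.items("oic_providers"):
        providers[name] = require_https(issuer, "oic_providers." + name)
        section = "oic_provider." + name
        if not cp.has_section(section):
            continue  # no static section: rely on dynamic configuration
        if cp.has_option(section, "scopes"):
            raw = cp.get(section, "scopes")
            scopes[name] = [s.strip() for s in raw.split(",") if s.strip()]
        present = [k for k in ENDPOINT_KEYS if cp.has_option(section, k)]
        if present and len(present) != len(ENDPOINT_KEYS):
            raise ValueError("%s needs all of: %s" % (section, ", ".join(ENDPOINT_KEYS)))
        if present:
            provider_info[name] = {k: require_https(cp.get(section, k), section + "." + k)
                                   for k in ENDPOINT_KEYS}
    return providers, scopes, provider_info
```

A provider without its own section, like `google` in the sample, ends up absent from `provider_info`, which is the case the proposed `else` branch hands to dynamic configuration.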
msg7662 Author: [hidden] (rouilj) Date: 2022-11-17 21:12
See also: https://www.freecodecamp.org/news/how-to-set-up-a-github-oauth-application/
msg8026 Author: [hidden] (rouilj) Date: 2024-05-01 18:13
also see https://annotate.dev/p/hello-world/learn-oauth-2-0-by-building-your-own-oauth-client-U2HaZNtvQojn4F
History
Date                 User    Action  Args
2024-05-01 18:13:52  rouilj  set     messages: + msg8026
2022-11-17 21:12:00  rouilj  set     messages: + msg7662
2022-11-13 16:25:50  rouilj  create