Decouple lookup and OAuth2 token authentication
Created by: rjw57
The lookup functionality in this module assumed that the user will have been created automatically by way of a DRF API. This is not true in, for example, the current UMP where we still use the normal Django session functionality. This assumption was wired deep in the lookup proxy and so this PR does quite some work to untangle it.
Commits 2916351, bd424b0 and 7086584 simply port some fixes from similar projects.
Commit 228e417 has the bulk of this PR and the commit message is worth reading. Since some work had already been done in thinking how a decoupled API might look in #4, this PR takes its lead from that issue and separates out the OAuth2 client, the OAuth2 token verification and the lookup proxy API into separate modules. See #4 for a discussion of the rationale for these changes.
This PR does not implement all of the changes in #4, only those which became necessary when re-working the lookup API.
It also makes sure that settings have sane default values rather than relying on upstream users to set them. This is particularly useful for "rarely changed" settings like `LOOKUP_OAUTH2_SCOPES` or `INTROSPECT_OAUTH2_SCOPES`.
The OAuth2 client has simply moved to the `automationoauth.client` module. The token verification which was done in `automationoauthdrf` has been moved into its own module, `automationoauth.token`. Neither `automationoauthclient` nor `automationoauthdrf` has changed its API, but both now use the new modules for their implementation.

The `automationlookup` module had the implementation of `get_person` re-worked. The legacy API surface is untouched, but it is now implemented on top of the new API.

The `UserLookup` model is now redundant and can slowly be removed from projects as they move over to the new API.
The new API now looks like the following:
```python
# OAuth2 client
from automationoauth.client import AuthenticatedSession

session = AuthenticatedSession(scopes=[...])
session.request(...)

# Token verification
from automationoauth.token import verify_token

token = ...  # taken from the request's Authorization header
info = verify_token(token)  # raises an exception if the token is invalid

# Lookup
from automationlookup import get_person

# Get a person resource by CRSid
person = get_person('spqr1', fetch=['all_insts'])
```
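To show why the three-way split matters, here is an added stand-in that is not code from this PR or from the `automationoauth`/`automationlookup` packages: token verification that never touches a Django user, a lookup function that takes a CRSid rather than a `User`, and one small DRF-style adapter that is the only place a verified token becomes a principal. The introspection responses and the people directory are constructed sample data; `InvalidToken`, `authenticate_request` and `token_is_valid` are hypothetical names, and the `lookup:anonymous` scope string is an assumption.

```python
import time

class InvalidToken(Exception):
    """Raised when a bearer token fails verification (hypothetical stand-in exception)."""

# Constructed sample introspection responses, keyed by bearer token, in the
# shape an OAuth2 token introspection endpoint (RFC 7662) returns.
_INTROSPECTION = {
    "tok-good": {"active": True, "sub": "spqr1", "scope": "lookup:anonymous",
                 "exp": time.time() + 3600},
    "tok-expired": {"active": True, "sub": "abc2", "scope": "lookup:anonymous",
                    "exp": time.time() - 10},
    "tok-revoked": {"active": False},
}

def verify_token(token, required_scopes=("lookup:anonymous",)):
    """Return the introspection info for a valid token; raise InvalidToken otherwise.

    Mirrors the verify_token(token) contract in the PR text: it knows nothing
    about Django sessions, DRF or a UserLookup row, so any caller can use it.
    """
    info = _INTROSPECTION.get(token)
    if info is None or not info.get("active"):
        raise InvalidToken("token is not active")
    if info.get("exp", 0) <= time.time():
        raise InvalidToken("token has expired")
    granted = set(info.get("scope", "").split())
    missing = set(required_scopes) - granted
    if missing:
        raise InvalidToken("token lacks scopes: " + ", ".join(sorted(missing)))
    return info

def token_is_valid(token):
    """Convenience predicate so callers can branch without catching the exception."""
    try:
        verify_token(token)
    except InvalidToken:
        return False
    return True

# Constructed people directory standing in for the lookup proxy API.
_PEOPLE = {
    "spqr1": {"identifier": {"scheme": "crsid", "value": "spqr1"},
              "displayName": "S. P. Q. Romanus",
              "institutions": [{"instid": "CL"}]},
}

def get_person(crsid, fetch=()):
    """Look up a person by CRSid.

    Taking the identifier directly (not a User object) is what lets a plain
    Django session-based site call this without any DRF-created user.
    """
    person = _PEOPLE.get(crsid)
    if person is None:
        raise KeyError(crsid)
    result = {"identifier": person["identifier"],
              "displayName": person["displayName"]}
    if "all_insts" in fetch:
        result["institutions"] = list(person["institutions"])
    return result

def authenticate_request(headers):
    """DRF-style adapter: the single layer that maps a token onto a principal.

    Returns (crsid, token_info) for a valid bearer token, None when no bearer
    token is present (anonymous request), and raises InvalidToken on a bad one
    so the framework layer can turn it into a 401.
    """
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    info = verify_token(token)
    return info["sub"], info
```

Because `verify_token` and `get_person` have no framework dependency, the same two functions serve both a DRF authentication class and a session-based view; only `authenticate_request` would differ between the two deployments.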