
Replace authentication with Google OAuth2 and remove cruft

Dr Rich Wareham requested to merge issue-91-google-oauth2 into master

This is a large MR because it removes a lot of code and out of date documentation. Each commit should be reviewable individually but the application as a whole should be tested at the end of the commit chain using the information in the README.

NOTE: This MR will break the existing IAR frontend. Changes need to be made to it to support this new backend. This is being tracked as frontend#176 (closed).

It is best to read the commit messages for this MR but a brief overview follows.

Previously we made use of our own hydra-based OAuth2 implementation and lookupproxy in a complicated three-way arrangement which required a lot of setup. Life has moved on and the IAR was the only user of the hydra login service and the only user of lookupproxy.

We want to re-architect the IAR to make use of Google OAuth2 login like our more modern applications. The usual pattern for this in API-only DRF applications is to have a special endpoint which can exchange credentials for some Django authentication backend for an API token and to make use of DRF's built-in token authentication. We make use of Django social auth to provide Google OAuth2 integration and copy a pattern from the documentation for the token exchange endpoint.

This allows the IAR frontend to remain separated; it can obtain an OAuth2 access token client side and then pass it to the backend to get an API token to use for the remainder of the session. The IAR frontend will need updating with this code.

Since the Lookup API is now available outside of the CUDN we no longer need to use lookupproxy. Removing the lookupproxy and custom hydra authentication means we could remove the entirety of the hydra and lookupproxy container configuration from the development server.

This MR does not attempt to move the IAR to our more modern ./compose.sh-style development server or to add GitLab CI configuration since that is considered beyond the scope of #91 (closed) and #88 (closed) but it is certainly easier now.

The README is updated to discuss how the Swagger UI may be used to get access to the application and to test it.

Closes #91 (closed). Closes #88 (closed).

Edited by Dr Rich Wareham
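The credentials-for-API-token exchange described in the MR, as an added illustration that is not the IAR project's code nor the python-social-auth / DRF pattern it copies: a plain-Python model of the exchange endpoint and the subsequent `Authorization: Token <key>` check. The Google-side verification is a stub fed a constructed tokeninfo-style response (the `aud`, `email`, `email_verified` and `exp` fields and the client id `example-client-id.apps.googleusercontent.com` are assumptions), and the token store is an in-memory dict holding SHA-256 hashes of issued keys. The checks it performs (audience, expiry, verified e-mail) are the ones a backend needs before it trusts a client-supplied access token.

```python
"""Model of a 'Google access token -> backend API token' exchange endpoint.

Added example; not code from the IAR project or from python-social-auth.
Everything network- or framework-dependent is replaced with stand-ins so
the module runs offline.
"""
import hashlib
import secrets
import time

# Hypothetical OAuth2 client id this backend expects tokens to be issued for.
OUR_CLIENT_ID = "example-client-id.apps.googleusercontent.com"


def verify_google_access_token(access_token, tokeninfo_lookup, now=None):
    """Return the verified e-mail for an access token, or None if it is not
    acceptable. `tokeninfo_lookup` stands in for a call to Google's tokeninfo
    endpoint and returns a dict (assumed fields: aud, email, email_verified,
    exp) or None for an unknown token."""
    info = tokeninfo_lookup(access_token)
    if info is None:
        return None
    # A token issued for a different OAuth2 client must not log anyone in here,
    # even if Google itself considers it valid.
    if info.get("aud") != OUR_CLIENT_ID:
        return None
    now = time.time() if now is None else now
    if int(info.get("exp", 0)) <= now:
        return None
    if not info.get("email_verified", False):
        return None
    return info["email"]


class TokenStore:
    """In-memory stand-in for DRF's Token table; keys are stored hashed so a
    leaked store does not directly yield usable credentials."""

    def __init__(self):
        self._user_by_hash = {}

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode("utf-8")).hexdigest()

    def issue(self, user):
        key = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._user_by_hash[self._digest(key)] = user
        return key

    def lookup(self, key):
        return self._user_by_hash.get(self._digest(key))


def exchange_token(request_body, store, tokeninfo_lookup, now=None):
    """POST body {'access_token': ...} -> (status, json body)."""
    access_token = request_body.get("access_token")
    if not access_token:
        return 400, {"error": "access_token required"}
    user = verify_google_access_token(access_token, tokeninfo_lookup, now)
    if user is None:
        return 401, {"error": "access token rejected"}
    return 200, {"token": store.issue(user)}


def authenticate(headers, store):
    """DRF-style 'Authorization: Token <key>' check; returns the user or None."""
    scheme, _, key = headers.get("Authorization", "").partition(" ")
    if scheme != "Token" or not key:
        return None
    return store.lookup(key)


# Constructed sample tokeninfo responses for the stub lookup.
NOW = 1_700_000_000
FAKE_TOKENINFO = {
    "good-token": {"aud": OUR_CLIENT_ID, "email": "alice@example.com",
                   "email_verified": True, "exp": NOW + 3600},
    "other-client": {"aud": "other.apps.googleusercontent.com",
                     "email": "bob@example.com", "email_verified": True,
                     "exp": NOW + 3600},
    "expired": {"aud": OUR_CLIENT_ID, "email": "carol@example.com",
                "email_verified": True, "exp": NOW - 1},
}


def demo():
    """Run the exchange against the constructed data; returns a result dict."""
    store = TokenStore()
    ok_status, ok_body = exchange_token(
        {"access_token": "good-token"}, store, FAKE_TOKENINFO.get, now=NOW)
    api_key = ok_body.get("token")
    return {
        "good": ok_status,
        "other_client": exchange_token({"access_token": "other-client"},
                                       store, FAKE_TOKENINFO.get, now=NOW)[0],
        "expired": exchange_token({"access_token": "expired"},
                                  store, FAKE_TOKENINFO.get, now=NOW)[0],
        "unknown": exchange_token({"access_token": "nope"},
                                  store, FAKE_TOKENINFO.get, now=NOW)[0],
        "missing": exchange_token({}, store, FAKE_TOKENINFO.get, now=NOW)[0],
        "user_for_key": authenticate({"Authorization": "Token " + api_key}, store),
        "user_for_bad_key": authenticate({"Authorization": "Token guess"}, store),
        "user_for_bearer": authenticate({"Authorization": "Bearer " + api_key}, store),
    }


if __name__ == "__main__":
    print(demo())
```

The frontend in this arrangement only ever handles the Google access token; the API key it receives back is what every later request carries, and revoking it is a matter of dropping one row from the store.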
