Add OAuthMiddleware for API

Bug #609025 reported by Michael Nelson
Affects: Software Center Agent
Status: Fix Released
Importance: Medium
Assigned to: Anthony Lenton

Bug Description

Currently for calls such as ISubscriptionSet.getForOAuthToken() we're doing some sort of authentication ourselves by passing the token and identifier and then using a special private verify_request() call to the identity provider. This worked fine when it was for a request which is not called often, but if we want to enable the client to request/poll a subscription to see its status, either we:

1) verify every request with the identity provider - slow, or
2) create some sort of data store for identities that we've verified, but...

this second option seems unnecessary as this is what open auth is for. We should be able to instead allow the client to make OAuth-authenticated API requests by using the lazr.authentication OAuthMiddleware and adding an OAuth DataStore (from the little I've read so far). This would be more efficient as the identity provider would be contacted only once per token, and would mean that we're relying on standard OAuth infrastructure, rather than creating our own less-thought-out solution.
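
An added sketch of the approach the description proposes (not code from this bug, from software-center-agent or from lazr.authentication): a local token store that contacts the identity provider only on a miss, and a WSGI middleware that then verifies each request locally. `fetch_from_idp`, the record fields and the class names are assumptions; only the OAuth 1.0 PLAINTEXT signature method is handled, with no nonce or timestamp checks.

```python
import hmac
import time
from urllib.parse import quote, unquote
class CachingTokenStore:
    """Token records kept locally; the identity provider is asked only on a miss."""
    def __init__(self, fetch_from_idp, ttl=300, clock=time.monotonic):
        self._fetch = fetch_from_idp  # hypothetical callable: token key -> record or None
        self._ttl = ttl               # bounds how long a revoked token keeps working
        self._clock = clock
        self._cache = {}

    def lookup(self, token_key):
        entry = self._cache.get(token_key)
        if entry and entry[0] > self._clock():
            return entry[1]
        record = self._fetch(token_key) if token_key else None
        if record is None:
            self._cache.pop(token_key, None)
            return None
        self._cache[token_key] = (self._clock() + self._ttl, record)
        return record

def parse_oauth_header(header):
    """Turn 'OAuth k="v", k2="v2"' into a dict of percent-decoded values."""
    if not header.startswith("OAuth "):
        return {}
    params = {}
    for part in header[6:].split(","):
        key, _, value = part.strip().partition("=")
        params[key] = unquote(value.strip('"'))
    return params

class OAuthCheck:
    """WSGI middleware: check a PLAINTEXT signature against the local store."""
    def __init__(self, app, store):
        self.app, self.store = app, store
    def __call__(self, environ, start_response):
        params = parse_oauth_header(environ.get("HTTP_AUTHORIZATION", ""))
        record = self.store.lookup(params.get("oauth_token", ""))
        expected = ""
        if record:  # PLAINTEXT signature is consumer_secret&token_secret
            expected = "&".join(quote(record[k], safe="")
                                for k in ("consumer_secret", "token_secret"))
        supplied = params.get("oauth_signature", "")
        if not record or not hmac.compare_digest(supplied.encode(), expected.encode()):
            start_response("401 Unauthorized", [("WWW-Authenticate", "OAuth")])
            return [b"invalid OAuth credentials"]
        environ["REMOTE_USER"] = record["user"]
        return self.app(environ, start_response)
```

Unknown tokens are not cached here, so each one still costs an identity-provider call; the `ttl` is the window in which a token revoked at the provider is still accepted.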

Changed in software-center-agent:
milestone: none → beta1
Changed in software-center-agent:
assignee: nobody → Anthony Lenton (elachuni)
status: Triaged → In Progress
Changed in software-center-agent:
status: In Progress → Fix Committed
Changed in software-center-agent:
status: Fix Committed → Fix Released