Create a self-service UI for managing oauth credentials

RESOLVED FIXED

Status

P5
normal
RESOLVED FIXED
4 years ago
3 years ago

People

(Reporter: emorley, Assigned: mdoglio)

Tracking

Details

(Reporter)

Description

4 years ago
Migrated from:
https://github.com/mozilla/treeherder-service/issues/152

lightsofapollo commented on 23 May:

{
What I propose is to use role based authentication + a hawk backend for clients. @jonasfj recently implemented a simple auth server on top of azure tables (we have a sec review going) and it includes a simple user interface to add clients.

A client would be granted a number of roles so it should be easier to provide granular access (as is done today) and more permissive access to multiple repos (and other capabilities later).

For example the current one-client-per repo would look like this:

    scope: ["treeherder-dev:repo:gaia-master"]

Multiple repos:

    scope: ["treeherder-dev:repo:gaia", "treeherder-dev:repo:gaia-master"]

All repos:

    scope: ["treeherder-dev:repo:gaia", "reeherder-dev:repo:*"]


I intentionally left out some implementation details let me know what you think... If this is a good path forward I can pick up this work (it's actually fairly easy). Note that I intentionally left room in the proposal above for both new roles (like treeherder-dev:add-repo) and added the "-dev" suffix to indicate that this role is for the dev treeherder, etc..
}
(Reporter)

Updated

4 years ago
Blocks: 1072676
(Reporter)

Updated

4 years ago
No longer blocks: 1072676
Component: Treeherder → Treeherder: API
(Reporter)

Updated

4 years ago
Priority: P4 → P5
(Reporter)

Updated

4 years ago
Depends on: 1160111
Summary: Self Service Authentication → Create a self-service UI for managing oauth credentials
(Assignee)

Updated

4 years ago
Blocks: 1164845
(Reporter)

Updated

3 years ago
Blocks: 1196191
(Reporter)

Updated

3 years ago
No longer blocks: 1164845
(Assignee)

Comment 1

3 years ago
This was implemented as part of bug 1160111. There is no support for authentication scopes because we don't need it yet.
(Assignee)

Updated

3 years ago
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
(Reporter)

Updated

3 years ago
Assignee: nobody → mdoglio
You need to log in before you can comment on or make changes to this bug.