Confirmed users
358
edits
User:Mconnor/BIDSync(s): Difference between revisions
→Token Processing Library
| Line 349: | Line 349: | ||
==== Requirements ==== | ==== Requirements ==== | ||
* Abstract out the code that turns a Sagrada token into a userid and some additional metadata into a library that all Sagrada services can use. | * Abstract out the code that turns a Sagrada token into a userid and some additional metadata into a library that all Sagrada services can use. | ||
==== Work Breakdown ==== | |||
===== Finalize repoze.who.plugins.vepauth ===== | |||
* much of the protocol flow has already been implemented as a standalone repoze.who plugin | |||
* it just needs some tweaking as the details all get finalized | |||
* (this also has basic token-provisioning support, which might be handy for testing purposes until the real tokenserver comes online) | |||
===== Code to manage per-node secrets ===== | |||
* need code to parse the token-server secrets file | |||
* also to watch it for changes and update secrets automatically? | |||
===== Metadata Tokens? ====== | |||
* what exactly is this "some additional metadata" and where will it come from? | |||
* to be looked up in LDAP for now? | |||
* can we re-use the existing user backends from server-core, stripped of their ability to authenticate users? | |||
===== Migrate mozsvc.user to use vepauth by default ===== | |||
* we already have code to automate authentication against a repoze.who plugin and expose the result as "request.user". | |||
* it currently uses basicauth by default; make it use vepauth with appropriate settings | |||
* provide extra utility functions? Need feedback from other projects on what is required of the API. | |||
==== Target Timeline ==== | ==== Target Timeline ==== | ||