Conversation
kislyuk
approved these changes
Sep 4, 2018
Member
kislyuk
left a comment
kislyuk
left a comment
There was a problem hiding this comment.
Approved with one reservation.
| title, | ||
| *args, **kwargs) | ||
|
|
||
| def handler_DSSException(e: DSSException) -> FlaskResponse: |
Member
There was a problem hiding this comment.
I would suggest that this be renamed to dss_exception_handler().
Bento007
force-pushed
the
tsmith-oidc
branch
from
d2a2d03 to
5b7c05e
Compare
Release Notes
* Using auth0 for authentication of user credential and using google service account credential for service to service authentication.
* Add new environment variables
* TOKEN_INFO_URL is the endpoint to use for token info
* OPEN_ID_PROVIDER all JWTs must be issued from this provider unless a trust google project is used.
* Added GROUP_CLAIM to environment
* Added more detail to swagger for authorization claims and scope
Dev Notes
* adding an exceptions handler to flask for DSSExpections so the correct error is returned in the Response. This is because the verification of the JWT occurs before dss_handler is called.
* Added the new security module for verifying JWT
* Added test cases for dss.utils.security
* Add new configuration variables
* _TRUSTED_GOOGLE_PROJECT lists all of google service credentials that can be used with the DSS, it is derived from _ALLOWED_EMAILS
* _JWT_AUDIENCE is the audience that must be present in the JWT, it is derived from API_DOMAIN_NAME
* getting audience from an environment variable. Audience is now https://data.humancellatlas.org/ for production and https://dev.data.humancellatlas.org/ for dev, integration, and staging.
Bento007
force-pushed
the
tsmith-oidc
branch
from
5b7c05e to
f944841
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I forgot to add the new environment variables to
EXPORT_ENV_VARS_TO_LAMBDA_ARRAY>_<Deployment instructions & migrations
Release notes
see commits