Re-authorize farms #104
Comments
|
I've updated the I tested adding and authorizing a 1.x server on a local URL. Then, I brought up a 2.x server on the same URL (simulating the update process). Making a request with the old token failed - as expected. I was then able to re-authorize the server via the manual Authorization Code flow. This should cover the use case described above where a "manual" re-authorization is required.
This process shouldn't be affected by any of these 2.x changes. This script will just send a |
Once a farmOS server is migrated to farmOS 2x, the access token the Aggregator has will no-longer be valid. This is because the
oauth2_serverandsimple_oauthmodules used in the farmOS server use different token formats (oauth2_serveruses a simple fixed length random string.simple_oauthuses an encrypted JWT).We could investigate a way to migrate the access tokens... but my initial thoughts are it isn't possible without modifications to
simple_oauthinternal validation of tokens. This seems unnecessarily complicated since we have other alternatives (and not many users of the Aggregator).For the "managed aggregator" use case (where credentials to a user account is known for all connected farmOS servers), a simple re-authorization script should be sufficient in providing Aggregator farms with a new, valid access token.
For the use case where farmOS admins have joined an aggregator themselves, the admin will need to re-authorize their farmOS server with the Aggregator. This requires communication between the Aggregator admin/farmOS admin during the farmOS server migration. Since we already have methods in place to request authorization from farmOS admins, I consider this use case handled.
Changes to OAuth scopes should be taken to account during this process: #105
The text was updated successfully, but these errors were encountered: