NXPY-254: Authorization Error for OAuth

[gitofanindya]

No description provided.

[sourcery-ai]

PR Type: Enhancement

PR Summary: This pull request introduces enhancements to the OAuth2 authentication mechanism within the Nuxeo Python client. Specifically, it adds the ability to verify SSL certificates during the OAuth2 authorization process by introducing a new 'verify' attribute. This attribute is used in various methods to ensure that SSL verification can be enabled or disabled as needed. The changes include initializing this attribute in the class constructor, modifying the token refresh logic to accept this parameter, and ensuring it is passed correctly when requesting and refreshing tokens.

Decision: Comment

📝 Type: 'Enhancement' - not supported yet.

• Sourcery currently only approves 'Typo fix' PRs.

✅ Issue addressed: this change correctly addresses the issue or implements the desired feature.

No details provided.

📝 Complexity: the changes are too large or complex for Sourcery to approve.

• Unsupported files: the diff contains files that Sourcery does not currently support during reviews.

General suggestions:

• Consider adding more detailed documentation or comments explaining the purpose and usage of the 'verify' parameter, especially for users who might not be familiar with SSL certificate verification in HTTP requests.
• It might be beneficial to include examples or use cases in the documentation where disabling SSL verification could be necessary or advised, providing users with clearer guidance on how to use this new feature securely.
• Ensure thorough testing of both scenarios where SSL verification is enabled and disabled. This includes testing with valid and invalid certificates to confirm that the behavior aligns with expectations and does not introduce security vulnerabilities.

Thanks for using Sourcery. We offer it for free for open source projects and would be very grateful if you could help us grow. If you like it, would you consider sharing Sourcery on your favourite social media? ✨

Share Sourcery

• X
• Mastodon
• LinkedIn
• Facebook

---

Help me be more useful! Please click 👍 or 👎 on each comment to tell me if it was helpful.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 97.08%. Comparing base (54400d7) to head (1b35ebf).

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #302      +/-   ##
==========================================
+ Coverage   96.63%   97.08%   +0.45%     
==========================================
  Files          29       29              
  Lines        1811     1819       +8     
==========================================
+ Hits         1750     1766      +16     
+ Misses         61       53       -8     

Flag	Coverage Δ
functional	89.60% <10.00%> (-0.40%)	⬇️
unit	52.22% <100.00%> (+0.65%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[mr-shekhar]

The test cases are not properly written. Pl. follow the standard practise of writing testcases, as discussed.

Done.

[gitofanindya]

An SSL/TLS certificate is a digital object that allows systems to verify the identity & subsequently establish an encrypted network connection to another system using the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol. Certificates are used within a cryptographic system known as a public key infrastructure (PKI). PKI provides a way for one party to establish the identity of another party using certificates if they both trust a third-party - known as a certificate authority. SSL/TLS certificates thus act as digital identity cards to secure network communications, establish the identity of websites over the Internet as well as resources on private networks.

A self-signed TLS/SSL certificate is not signed by a publicly trusted certificate authority (CA) but instead by the developer or company that is responsible for the website; as they are not signed by a publicly trusted CA, they are usually considered unsafe for public applications and websites.
The role of a public CA is to guarantee the validity of the information included in a certificate, especially the ownership and/or control of the domain name(s) associated with the certificate in the case of [TLS/SSL]. Therefore, using self-signed certificates is the equivalent of using credentials that have not been issued by a valid authority.

However, if a self-signed certificate needs to be used, we need to turn off the certificate verification as it is not signed by any trusted CA, the verification will fail.

This PR adds improvements to the Nuxeo Python client's OAuth2 authentication system. In particular, it introduces a new 'verify' feature that allows SSL certificates to be verified during the OAuth2 authorization process. This property ensures that SSL verification can be turned on or off as needed in a number of ways. The adjustments include setting this parameter's initial value in the class constructor, adapting the token refresh mechanism to take it, and making sure it is supplied accurately when requesting and refreshing tokens.

[mr-shekhar]

👍