Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenID Connect split #525

Merged
merged 14 commits into from Jun 5, 2018

Conversation

Projects
None yet
6 participants
@wiliamsouza
Copy link
Member

commented Mar 17, 2018

This PR reduces the not backward compatible changes related to OpenID Connect Core improvements wich will only affect those who use OpenID connect that is very small considered with OAuth2 users.

All related OpenID Connect Core code now live in it's own tree like:

oauthlib/openid/
├── connect
│   ├── core
│   │   ├── endpoints
│   │   │   └── pre_configured.py
│   │   ├── exceptions.py
│   │   ├── grant_types
│   │   │   ├── authorization_code.py
│   │   │   ├── base.py
│   │   │   ├── dispatchers.py
│   │   │   ├── exceptions.py
│   │   │   ├── hybrid.py
│   │   │   ├── implicit.py
│   │   │   └── __init__.py
│   │   ├── __init__.py
│   │   ├── request_validator.py
│   │   └── tokens.py
│   │   └── __init__.py
│   └── __init__.py
└── __init__.py

@wiliamsouza wiliamsouza requested review from thedrow and skion Mar 24, 2018

@wiliamsouza wiliamsouza force-pushed the wiliamsouza:openid-connect-split branch Mar 24, 2018

@skion
Copy link
Member

left a comment

I like the idea and left an initial comment.

Does this PR contain any functional changes, or merely moving existing code around?

from oauthlib.oauth2.rfc6749.tokens import TokenBase, random_token_generator


class JWTToken(TokenBase):

This comment has been minimized.

Copy link
@skion

skion Mar 27, 2018

Member

I wouldn't regard JWT tokens to be part of OIDC, but rather a special type of Bearer token. Notably there is RFC7523, which specifies how to use JWTs for token exchange and client authentication within plain OAuth2, but I imagine there could be other use cases even.

This comment has been minimized.

Copy link
@ViktorHaag

ViktorHaag Mar 27, 2018

Contributor

As such an example use case that I know of: in the educational tech standards world, the IMSGlobal standards organization is proposing the use of JWTs as a way to carry signed messages from system to system within the Learning Tools Interoperability (LTI) standard, apart from using them as assertions of identity within an OAuth2/OIDC style workflow.

This comment has been minimized.

Copy link
@thedrow

thedrow Mar 27, 2018

Collaborator

I agree. Let's move this out of the openid package.

This comment has been minimized.

Copy link
@wiliamsouza

wiliamsouza Mar 27, 2018

Author Member

Ok, my suggestion is to start using a tree like:

│   ├── tokens
│   │   ├── bearer
│   │   │   ├── __init__.py
│   │   │   └── rfc6750
│   │   │       └── __init__.py
│   │   ├── __init__.py
│   │   ├── jwe
│   │   │   ├── __init__.py
│   │   │   └── rfc7516
│   │   │       └── __init__.py
│   │   ├── jws
│   │   │   ├── __init__.py
│   │   │   └── rfc7515
│   │   │       └── __init__.py
│   │   └── jwt
│   │       ├── __init__.py
│   │       ├── rfc7519
│   │       │   └── __init__.py
│   │       └── rfc7523
│   │           └── __init__.py

And this can be keep as sibling of oauth2 and openid folders.

ls oauthlib/

common.py  __init__.py  oauth1  oauth2  openid  signals.py  tokens  uri_validate.py  webfinger

This comment has been minimized.

Copy link
@skion

skion Mar 27, 2018

Member

Would you reckon we need jwe and jws in our codebase, or can we just depend on a JWT library for that?

This comment has been minimized.

Copy link
@wiliamsouza

wiliamsouza Mar 27, 2018

Author Member

We can use a external lib but common interface would be nice cause we need change that lib for any reason we don't break things.

This comment has been minimized.

Copy link
@wiliamsouza

wiliamsouza Mar 27, 2018

Author Member

But this can be handled in a next PR would like let this PR as is and discuss how and where to move JWT in a proceeding one.

This comment has been minimized.

Copy link
@thedrow

thedrow Mar 29, 2018

Collaborator

We could split our tokens implementation into a different package later.

This comment has been minimized.

Copy link
@lepture

lepture Apr 13, 2018

Collaborator

JWE seems not used in OpenID Connect. JWT requires JWS, JWA and maybe JWK.

This comment has been minimized.

Copy link
@wiliamsouza

wiliamsouza Apr 13, 2018

Author Member

Let's use #537 to talk about it. This PR will not include no changes like this.

@wiliamsouza

This comment has been minimized.

Copy link
Member Author

commented Mar 27, 2018

@skion Only moving things no new features added.

@JonathanHuot

This comment has been minimized.

Copy link
Member

commented Mar 29, 2018

Will be great to increase the test coverage for dispatchers.py and exceptions.py which have a very low pourcentage at the moment.

@skion

skion approved these changes Apr 13, 2018

Copy link
Member

left a comment

This should be OK to merge since it contains no functional changes. Any objections?

@skion

This comment has been minimized.

Copy link
Member

commented Apr 13, 2018

Opened an issue for the JWT pull: #537

@skion skion referenced this pull request May 8, 2018

Closed

Release 2.0.8 #545

@skion skion referenced this pull request May 21, 2018

Merged

Release 2.1.0 #548

@skion

This comment has been minimized.

Copy link
Member

commented May 26, 2018

@wiliamsouza Could you rebase this and merge this one?

@skion skion added this to the 3.0.0 milestone May 26, 2018

@wiliamsouza wiliamsouza force-pushed the wiliamsouza:openid-connect-split branch to 5f857f8 May 29, 2018

@thedrow thedrow merged commit d5a4d5e into oauthlib:master Jun 5, 2018

1 of 2 checks passed

coverage/coveralls Coverage decreased (-5.5%) to 92.429%
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.