Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor the OAuth flow #139

Closed
woodruffw opened this issue Jun 22, 2022 · 0 comments · Fixed by #140
Closed

Refactor the OAuth flow #139

woodruffw opened this issue Jun 22, 2022 · 0 comments · Fixed by #140
Assignees
@woodruffw
Labels
component:signing Core signing functionality enhancement New feature or request

Comments

@woodruffw
Copy link
Member

woodruffw commented Jun 22, 2022
edited

The current OAuth implementation has some idempotency issues (#136) -- it's easy to misuse, which results in hard to debug errors.

I think the right solution here is to push everything into a context manager and collapse the lifetime distinction between the local listening server and the OAuth request.

Something like this (sketched):

with OAuthFlow(...) as flow:
    # flow contains state for the server, switches to OOB as necessary
    # ...
@woodruffw woodruffw added the enhancement New feature or request label Jun 22, 2022
@woodruffw woodruffw self-assigned this Jun 22, 2022
@woodruffw woodruffw added the component:signing Core signing functionality label Jun 22, 2022
@woodruffw woodruffw mentioned this issue Jun 22, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@woodruffw woodruffw

Labels
component:signing Core signing functionality enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

oauth: use a context manager for the server's thread sigstore/sigstore-python
1 participant
@woodruffw