Skip to content

wip: Zulip as OAuth2 Provider #16529

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

wip: Zulip as OAuth2 Provider #16529

wants to merge 4 commits into from

Conversation

@aero31aero
Copy link
Member

Continuing from #16455 with @showell.

Testing Plan:

GIFs or Screenshots:

@aero31aero aero31aero force-pushed the 5-oauth branch 2 times, most recently from ff29d9b to 325ccbd Compare October 14, 2020 00:27
showell and others added 3 commits October 20, 2020 17:08
@showell @aero31aero
wip: Try out oauth2_provider.
b34fc26 
Right now we manually install django-oauth-toolkit.

This includes:

    - help Django find the relevant templates
      for the application view

    - add in relevant views from the toolkit

    - validate access tokens for Zulip views

TODO:

    We should lock down the views and only allow admin
    users to create applications, probably.

    And we should automatically install the toolkit.

    We should refine read/write scopes.  (For now we
    assume users just authorize with write scope.)

    We can clean up the template-related code (to
    de-duplicate the logic we use for the two-factor
    templates).

    And still lots else to do, like writing tests, etc.
@aero31aero
provision: Add django-oauth-toolkit.
ee13631
@aero31aero
oauth: Create separate module and subclass TokenView.
6716cd1
@zulipbot
Copy link
Member

Heads up @aero31aero, we just merged some commits that conflict with the changes your made in this pull request! You can review this repository's recent commits to see where the conflicts occur. Please rebase your feature branch against the upstream/master branch and resolve your pull request's merge conflicts accordingly.

@showell showell mentioned this pull request Nov 29, 2020
Open
@showell
Copy link
Contributor

showell commented Nov 29, 2020

Just to give a status of this:

  • this PR is a collaboration between me and Rohitt
  • we have tested it fairly extensively in practice
  • we would need to subsume some of the canned forms from the toolkit into oauth
  • we would need automated tests

But, overall, if anybody ever needs to take this over, they have a pretty solid foundation.

It's likely to have rebase conflicts, but they will generally just be around the pip/requirements stuff.

@showell showell mentioned this pull request Jan 12, 2021
Open
@edith007
Copy link
Contributor

@showell can i take this PR forward?

@showell
Copy link
Contributor

showell commented Jan 16, 2021

@edith007 Sure, give it a shot.

@edith007 edith007 mentioned this pull request Jan 28, 2021
Open
8 tasks
@showell showell mentioned this pull request Apr 5, 2022
Open
6 tasks
@timabbott timabbott force-pushed the main branch 2 times, most recently from 4ec3636 to 88b200c Compare August 18, 2023 23:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

has conflicts size: XL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@aero31aero @zulipbot @showell @edith007