[OAuth2Provider][WIP] Enabling OAuth2 authorization on Review Board Web API

Review Request #7996 - Created Feb. 25, 2016 and discarded

Minh Le Hoang
Review Board
master
7941, 7997
7997, 8095
reviewboard
brennie, chipx86

Prior to this commit, a user can manage the list of all OAuth2 client applications
and OAuth2 tokens, but there is no mechanism to authorize resources using the OAuth2
protocol. In this commit, an OAuth2 authorization mechanism is added to
the current authorization mechanism for Review Board web API resources.
Services can now follow the OAuth2 protocol and send a request with the appropriate
authorization header to work with Review Board's resources. All the scopes
are loaded at RB start time, and external services can request a token with
a specified scope through the OAuth2 protocol. When using Review Board's API resources,
the scope of a token is checked to make sure that the external service has
the right permission for the resource.

Since Django OAuth Toolkit does not support dynamic scopes, modifications
are needed. OAuth2Validator.validate_scopes now always uses the dynamic
dict of scopes for scope validation. OAUTH2_PROVIDER['SCOPES'] is a
dynamic dict of scopes. OAuth2ProviderSettings does not cache any scope-related
information and always provides the most up-to-date scope information.

Manual test. Missing unit tests. I will add them later.
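
The dynamic-scope behaviour described above, as an added example that is not code from this review request, from Review Board or from Django OAuth Toolkit: it contrasts validating against a live scope dict with validating against a snapshot cached at start time. The function names, scope names and sample token are hypothetical and constructed for the illustration.

```python
# Added illustration; function and scope names are hypothetical.
SCOPES = {}  # live registry: scope name -> description


def register_scopes(scopes):
    SCOPES.update(scopes)


def unregister_scopes(names):
    for name in names:
        SCOPES.pop(name, None)


def validate_scopes(requested, available=None):
    """Token request: every requested scope must exist in `available`."""
    available = SCOPES if available is None else available
    requested = set(requested)
    # An empty request is rejected rather than treated as "all scopes".
    return bool(requested) and requested <= set(available)


def token_allows(token_scope, required):
    """Resource access: token carries the scope and it is still registered."""
    granted = set(token_scope.split())  # space-delimited, RFC 6749 section 3.3
    return required in granted and required in SCOPES


def demo():
    SCOPES.clear()
    register_scopes({"review-request:read": "Read review requests",
                     "review-request:write": "Modify review requests"})
    snapshot = frozenset(SCOPES)  # what a cache taken at start time holds
    register_scopes({"ext:read": "Scope added after start-up"})
    unregister_scopes(["review-request:write"])
    token = "review-request:read review-request:write"  # constructed sample
    return {
        "live_new": validate_scopes(["ext:read"]),
        "cached_new": validate_scopes(["ext:read"], snapshot),
        "live_removed": validate_scopes(["review-request:write"]),
        "cached_removed": validate_scopes(["review-request:write"], snapshot),
        "token_read": token_allows(token, "review-request:read"),
        "token_write": token_allows(token, "review-request:write"),
    }


if __name__ == "__main__":
    print(demo())
```

The stale snapshot both rejects a scope registered after start-up and keeps accepting one that has since been removed; the second case is the one that matters for authorization.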

Description From Last Updated
Col: 80 E501 line too long (80 > 79 characters) Review Bot Review Bot
Col: 80 E501 line too long (80 > 79 characters) Review Bot Review Bot
Col: 80 E501 line too long (80 > 79 characters) Review Bot Review Bot
Col: 80 E501 line too long (80 > 79 characters) Review Bot Review Bot
Col: 80 E501 line too long (80 > 79 characters) Review Bot Review Bot
Col: 80 E501 line too long (80 > 79 characters) Review Bot Review Bot
Review Bot
Christian Hammond
Minh Le Hoang
Review Bot
Barret Rennie
Review request changed

Status: Discarded
