Openfoodnetwork: Document all current authentication methods

Created on 7 Apr 2021 · 7 Comments · Source: openfoodfoundation/openfoodnetwork

What we should change and why

The first milestone in our API roadmap is to define our authentication methods, knowing that we will use OAuth2/OIDC for the DFC connector.

A first overview of what we are currently using was written here: https://community.openfoodnetwork.org/t/openid-connect-oidc-oauth2-authentication-solution-for-dfc-and-maybe-more/2084/3?u=rachel but lacks tech input and careful checking if anything was missed.

This issue is the first step towards an authentication strategy: the purpose here is only to get our documentation of current state right.

Acceptance criteria

Update (or create because I haven't found any?) the wiki page explaining our current auth. methods.

spike tech debt

All 7 comments

There is some basic api auth documentation here: https://github.com/openfoodfoundation/openfoodnetwork/wiki/API-documentation

Thanks @luisramos0! I found that page and am doing a little clarification/updating. OAuth 2/Doorkeeper is definitely looking like the best option to me.

@RachL Okay, I think this is ready for "Code Review": https://github.com/openfoodfoundation/openfoodnetwork/wiki/Authentication

Based on what I've seen so far, I think the next mini-spike would be to explore Doorkeeper specifically. Key questions in my mind are:

  • How long would the most basic pieces take to implement?
  • How long would it take to implement OpenID Connect and/or JWT support?
  • Are there any immediately prioritized use cases where Doorkeeper does not meet all of our requirements?

Feel free to add others and create a new spike issue.

ok, looks cool, code reviewed :+1:
Is this an alternative to doorkeeper? https://github.com/oauth-xx/oauth2

I believe that oauth2 gem (which we currently have in the gemfile) is for making requests as an OAuth2 client; what we need is to find something that allows us to be an OAuth2 provider, which is what Doorkeeper does.

@andrewpbrett thanks!!! I've created https://github.com/openfoodfoundation/openfoodnetwork/issues/7364 to continue the journey.

@openfoodfoundation/core-devs I'm assuming one review for a documentation update is enough so I'm closing this issue, please reopen if you disagree.
