Migrate Flask OIDC from oauth2client to something else that is not deprecated.
The Flask OIDC is using oauth2client library for authentication. This library was deprecated in 2018.
We want to move your apps to OpenID Connect using the flask-oidc in most cases. And we already have some that are using it.
It is a security risk for your apps to use deprecated authentication library. So this will be a security benefit for all apps using flask framework.
The Flask OIDC is migrated to maintained authentication library.
This affects authentication process on every Fedora app using Flask framework.
It would be nice to have security expert on this initiative
Authentication expert would be nice as well
As soon as possible, we don't want to use deprecated authentication library in our infra
Metadata Update from @amoloney:
- Issue tagged with: In Review
I did quite a bit of work with the authlib library on Bodhi to port it to OIDC, and it already has some support for Flask. I may be able to help with this initiative or with prototyping/scoping.
Issue tagged with: Accepted
to comment on this ticket.