Describe what you need us to do: Elections has been ported to openid-connect, as such it needs in its client_secret.json a client_id and a client_secret. Could you please look at generating them? (Having a SOP for this would be great as it would have allowed me to do them without bothering anyone else :))
When do you need this? (YYYY/MM/DD) When possible
When is this no longer needed or useful? (YYYY/MM/DD) When elections is deprecated or we move to another authentication protocol
If we cannot complete your request, what is the impact? We cannot move forward with porting elections to openshift :)
NB: while only staging will be useful for now, I figure we might just as well create both stg and prod instances :)
To issue a client ID for web applications, we need answers to the following questions:
For the items marked with [1], please consult your library's documentation and usage.
Which redirect URI(s) will the application use?
This is already set in the client_secrets.json
What is the application main URL?
elections.stg.fedoraproject.org in stg
Who will be the main contact for the application, or will this be core infrastructure?
It's the elections app, nothing new
What privacy policy will be applicable to the application, or will this be the standard Fedora privacy policy?
Does the application need the user names, or will an application-specific pseudonym suffice?
Here are the scopes asked: OIDC_SCOPES = ['openid', 'email', 'profile', 'fedora']
Which authorization flow does the application use? [1]
It uses flask-oidc
Which token authentication method does the application use? [1]
Which redirect URI(s) will the application use? This is already set in the client_secrets.json
To be complete here is its value https://elections{{env_suffix}}.fedoraproject.org/oidc_callback
Pretty ping? :)
The client ID and secret are in elections_oidc_client_id and elections_oidc_client_secret respectively. For the record, the flask-oidc doc provides the technical answers: https://flask-oidc.readthedocs.io/en/latest/#manual-client-registration
Metadata Update from @puiterwijk: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
The client ID and secret are in elections_oidc_client_id and elections_oidc_client_secret respectively.
They do not mention stg in their name, do we want to use the same variable names for stg and for prod?
Nah, no real need to. Since the staging setup should be using the staging IdP etc. The secret itself should probably be different, but the client ID doesn't have to be. (but if you feel strongly, feel free to do so)
The secret itself should probably be different, but the client ID doesn't have to be.
Thanks, I'll rename the client secret only then :)
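The thread settles on two rules: each environment's redirect URI follows the `oidc_callback` template quoted above, and staging and production may share a client ID but should not share a client secret. The check below is an added example, not part of the ticket or of the elections code. It assumes the `web`-object layout of `client_secrets.json` read by flask-oidc and an `env_suffix` of `.stg` for staging and empty for production; the function names, client ID and secrets are constructed.

```python
# Assumption: client_secrets.json holds a "web" object with these keys.
REQUIRED = ("client_id", "client_secret", "redirect_uris")
# Callback template as quoted in the ticket.
CALLBACK = "https://elections{env_suffix}.fedoraproject.org/oidc_callback"


def check_env(doc, env_suffix):
    """Return a list of problems in one environment's client_secrets document."""
    web = doc.get("web", {})
    problems = [f"missing {key}" for key in REQUIRED if not web.get(key)]
    expected = CALLBACK.format(env_suffix=env_suffix)
    uris = web.get("redirect_uris") or []
    # A callback registered for the wrong host would send codes elsewhere.
    if uris and uris != [expected]:
        problems.append(f"redirect_uris must be exactly [{expected}]")
    return problems


def check_pair(stg, prod):
    """Check both environments, then the cross-environment secret rule."""
    problems = [f"stg: {p}" for p in check_env(stg, ".stg")]
    problems += [f"prod: {p}" for p in check_env(prod, "")]
    stg_secret = stg.get("web", {}).get("client_secret")
    prod_secret = prod.get("web", {}).get("client_secret")
    # Same client ID is acceptable per the thread; a shared secret is not.
    if stg_secret and stg_secret == prod_secret:
        problems.append("stg and prod share a client_secret")
    return problems


def sample(env_suffix, secret):
    """Build a constructed document; values are placeholders, not real ones."""
    return {"web": {
        "client_id": "elections",
        "client_secret": secret,
        "redirect_uris": [CALLBACK.format(env_suffix=env_suffix)],
    }}


if __name__ == "__main__":
    good = check_pair(sample(".stg", "constructed-stg-secret"),
                      sample("", "constructed-prod-secret"))
    # Production file copied from staging without changes.
    copied = check_pair(sample(".stg", "constructed-stg-secret"),
                        sample(".stg", "constructed-stg-secret"))
    print(good)
    print(copied)
```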