Issue #168: [audit, blocking, question] OIDC scope handling seems unused - freshmaker

freshmaker

#168 [audit, blocking, question] OIDC scope handling seems unused

Closed: Fixed 6 years ago Opened 6 years ago by puiterwijk.

There's functions on freshmaker/auth.py:143/152 (require_oidc_scope/require_scopes) to require and validate a set of OIDC scopes, but I cannot find any place where that's used.
The only place I can see scopes being used are in auth.py:115, which uses validate_scopes, and is generic for every request.
Is the idea to require the same set of scopes for all requests?

jkaluza commented 6 years ago

We actually require auth (and therefore scope) for single POST request, but we might have multiple in the future, so I've added checking for scope in:

https://pagure.io/freshmaker/pull-request/176

That should fix this issue.

Metadata Update from @jkaluza:
- Issue assigned to jkaluza

6 years ago

Metadata Update from @jkaluza:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

6 years ago

Metadata

Assignee

jkaluza

Tags

None

Blocking

None

Depending on

None

freshmaker

Source Code

Documentation

#168 [audit, blocking, question] OIDC scope handling seems unused Closed: Fixed 6 years ago Opened 6 years ago by puiterwijk.

Metadata

#168 [audit, blocking, question] OIDC scope handling seems unused

Closed: Fixed 6 years ago Opened 6 years ago by puiterwijk.