✨(backend) support Authorization Code flow #5
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Create a realm 'impress' and configure it to support the authorization code flow.
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 6951547 | Triggered | Generic Password | 1391400 | docker/auth/realm.json | View secret |
🛠 Guidelines to remediate hardcoded secrets
-
Revoke and rotate the secret.
-
If possible, rewrite git history with
git commit --amendandgit push --force.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
sampaccoud
reviewed
Feb 29, 2024
sampaccoud
approved these changes
Mar 1, 2024
Integrate 'mozilla-django-oidc' dependency, to support Authorization Code flow, which is required by Agent Connect. Thus, we provide a secure back channel OIDC flow, and return to the client only a session cookie. Done: - Replace JWT authentication by Session based authentication in DRF - Update Django settings to make OIDC configurations easily editable - Add 'mozilla-django-oidc' routes to our router - Implement a custom Django Authentication class to adapt 'mozilla-django-oidc' to our needs 'mozilla-django-oidc' routes added are: - /authenticate - /callback (the redirect_uri called back by the Idp) - /logout
Force login to bypass authorization checks when necessary. Note: Generating a session cookie through OIDC flow is not supported while testing our API.
Found typos and fixed them.
The local deployment of the Production image through docker-compose was failing due to issues in the Django configurations, influenced by Joanie. The bug stemmed from a dependency on a development-specific package (drf-spectacular-sidecar) while attempting to run the application in production mode. Changes Made: - Introduced new Django settings for local demo environments.
Add tests on get_or_create method.
Lint backend tests and sources.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Purpose
Preparing project for staging deployment by adding backend support for Authorization Code Flow in OIDC.
Proposal
mozzila-django-oidc