RAS Authentication Updates #1864
Conversation
…nto py311_redis
… into ras_integration
| if 'kty' not in jwk: | ||
| raise ValueError("JWK must have a 'kty' field") | ||
| kty = jwk['kty'] | ||
|
|
||
| if kty == 'RSA': | ||
| if 'n' not in jwk or 'e' not in jwk: |
There was a problem hiding this comment.
Might be useful to give an example here, maybe move this helper to snovault as well so it can be re-used in smaht-portal eventually
There was a problem hiding this comment.
@willronchetti I added more description, sample into docstring and TODO for possible move to snovault.
src/encoded/__init__.py
Outdated
| else: | ||
| # RAS | ||
| scope = 'openid profile email ga4gh_passport_v1' | ||
| allowed_conn = ['google-oauth2'] |
There was a problem hiding this comment.
This I think is unused in RAS right?
There was a problem hiding this comment.
Yes, scope is still used, but allowed_conn is unnecessary. Btw, simplified it for clarity: ce2a53a
| pytestmark = [pytest.mark.setone, pytest.mark.working] | ||
|
|
||
|
|
||
| class TestRedisSession: |
There was a problem hiding this comment.
I should add some more to test here
src/encoded/authentication.py
Outdated
| generate_user, | ||
| NamespacedAuthenticationPolicy, | ||
| session_properties | ||
| import base64 |
There was a problem hiding this comment.
What changes in this file are actually necessary vs. what is handled in snovault? I think most of this should be removed right?
There was a problem hiding this comment.
@willronchetti this commit was already in redis_311. let me check it, if it became stale I'd remove.
There was a problem hiding this comment.
@willronchetti cleared the duplicate (and unnecessary) stuff and redeployed it into mastertest/hotseat. They're still running well.
pyproject.toml
Outdated
| @@ -97,7 +97,7 @@ simplejson = "^3.17.0" | |||
| SPARQLWrapper = "^1.8.5" | |||
| SQLAlchemy = "1.4.41" # latest stable version we can take - Will Jan 13 2023 | |||
| structlog = ">=19.2.0,<20" | |||
| submit4dn = "0.9.7" | |||
| submit4dn = "0.9.7" # XXX: this version is likely not 3.11 compliant but will allow locking for now | |||
There was a problem hiding this comment.
Does fourfront even use submit4dn? Maybe this dependency should be removed or if it is used checked and updated as we are now on v4.0.0 in pypi.
There was a problem hiding this comment.
@willronchetti @aschroed rebuilding FF without submit4dn worked. I have updated mastertest and hotseat.
|
@dmichaels-harvard I have not tested the branch yet but I hope that this merge has not overwritten the necessary RAS-specific updates. |
Notes:
auth0.domainasstsstg.nih.gov, nothttps://stsstg.nih.gov/auth/oauth/v2/tokenRelated PRs: