Migrate pertinent parts of mozilla-django-oidc into api repo #892
Comments
mozilla_django_oidc.auth.OIDCAuthenticationBackend
Since we're overriding the
|
I've got a PR in progress for simplifying the Mozilla repo, I got a bit stuck on how generic to keep it. If the use case is only a django/login.gov I might pull out PKCE since that's only recommended for mobile apps. WIP PR: fecgov/mozilla-django-oidc#9 |
Aurelia Khorsand commented: Combined with https://fecgov.atlassian.net/browse/FECFILE-161 (#892). Text from other ticket as follows: We need to be able to redeploy to the production space. If we make changes to the main branch of the mozilla package (like this: https://github.com/fecgov/mozilla-django-oidc/commit/bd411b4a09167eb8f9b300f61ed0220cb62697cf ) the API main branch will be behind and will cause builds to fail until it catches up. Example: https://app.circleci.com/pipelines/github/fecgov/fecfile-web-api/3497/workflows/5de88b39-7a68-4640-af9c-302cf7a0571b/jobs/10942 We need to be able to check dependencies on both projects, with some flexibility on backwards compatibility. We might need to manage releases for the mozilla package. |
Sasha Dresden commented: I started a branch (https://github.com/fecgov/fecfile-web-api/tree/feature/1396) for this where I took our version of the mozilla-oidc package and pulled it into the fecfile-api repo and was able to successfully deploy out to dev. However, as I’m a little less familiar with what needs to be pruned, after talking with Matt, we’re going to have David focus on this when he gets back. |
David Heitzer commented: also fecgov/fecfile-web-app#2069 |
Matt Travers commented: Passes CR. Sending to QA. |
Shelly Wise commented: QA review verified per AC can login to DEV using LOGIN.GOV. QA Review Completed. Moved to Stage Ready. |
Sprint accepted by Paul Clark during sprint review on 8/20/2024. |
Business Reason
As a developer, we currently maintain a customized fork of the Mozilla OIDC package, which can pose maintenance challenges with syncing with upstream changes and managing versions used within the fecfile-web-api repository. In addition, the FECFile Online API only uses a subset of the code in the OIDC fork, further complicating maintenance.
Task: To pull the parts of the OIDC code that are used by the FECFile Online API into the fecfile-web-api repository. The migrated code will need to be credited to the original authors and repository. The migrated code should be isolated in its own code space within the fecfile-web-api code base so that it can be easily identified and integrated into the main API application.
Dev notes
https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html?highlight=create_user#changing-how-django-users-are-created
https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html#connecting-oidc-user-identities-to-django-users
cryptography version in the api requirements.txt. The current value had to match the version in the Mozilla package to avoid conflicts.
Deploy notes:
On deploy to each environment, in the login dot gov dashboard edit the following “redirect URIs” and change /api/v1/auth/logout-redirect to /api/v1/oidc/logout-redirect and /oidc/callback/ to /api/v1/oidc/callback (note the trailing slash removal)
QA Notes
Ticket passes if users are able to log into DEV using Login.gov
See full ticket and images here: FECFILE-1396
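The redirect URI change in the deploy notes can be checked before a deploy with a script like the one below. It is an added example, not code from fecfile-web-api or mozilla-django-oidc; it relies on the OpenID Connect Core rule that redirect_uri must exactly match a registered value, which is why the trailing slash matters. The base URL and the registered list are constructed sample values, and audit_redirect_uris is a hypothetical helper name.

```python
# Added example (not project code): audit the redirect URIs registered with
# the identity provider against the path changes listed in the deploy notes.

# Old path -> new path, as given in the deploy notes.
PATH_MIGRATION = {
    "/api/v1/auth/logout-redirect": "/api/v1/oidc/logout-redirect",
    "/oidc/callback/": "/api/v1/oidc/callback",
}


def audit_redirect_uris(base_url, registered):
    """Return findings for one environment.

    redirect_uri values are compared as plain strings, so a URI that differs
    only by a trailing slash counts as a different (unregistered) URI.
    """
    base = base_url.rstrip("/")
    expected = {base + new for new in PATH_MIGRATION.values()}
    old_uris = {base + old for old in PATH_MIGRATION}
    registered = set(registered)

    findings = {"ok": [], "missing": [], "slash_mismatch": [], "stale": []}
    for uri in sorted(expected):
        if uri in registered:
            findings["ok"].append(uri)
            continue
        findings["missing"].append(uri)
        # Near miss: the new path was registered, but with a trailing slash.
        if uri + "/" in registered:
            findings["slash_mismatch"].append(uri + "/")
    # Pre-migration URIs still registered; remove them once the deploy is done.
    findings["stale"] = sorted(registered & old_uris)
    return findings


if __name__ == "__main__":
    # Constructed sample: hypothetical host, dashboard only partly updated.
    base = "https://dev-api.example.gov"
    dashboard = [
        base + "/api/v1/oidc/logout-redirect",
        base + "/api/v1/oidc/callback/",  # trailing slash left in by mistake
        base + "/oidc/callback/",         # old callback never removed
    ]
    for kind, uris in audit_redirect_uris(base, dashboard).items():
        print(kind, uris)
```
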