Skip to content

Update the authorization / authentication protocol for the OSPO REST API from PAT to OIDC #335

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Apr 30, 2024
Merged

Update the authorization / authentication protocol for the OSPO REST API from PAT to OIDC #335

merged 8 commits into from
Apr 30, 2024

Conversation

BillWagner
Copy link
Member

DON'T SQUASH THIS PR. INDIVIDUAL PRs INTO THIS BRANCH WERE SQUASHED.

The work on this feature branch updated the authorization and config for using the Open Source Programs Office REST API from Personal Access Tokens to OIDC. In addition, the code using that REST API was made resilient if the config has not be updated. When the OIDC configuration variables are missing, the HTTP client is null, and no API calls are tried.

However, if the new tokens are configured, but are invalid, the service will throw exceptions to indicate the configuration failure.

IEvangelist and others added 2 commits April 22, 2024 14:24
@IEvangelist
Minor clean up and switch to Bearer token header (#330)
ae61761 
* Minor clean up and switch to Bearer token header

* Add a test sandbox, and expose a means for getting a hydrated `OspoClient` via a factory that does `az login` and `az account get-access-token`.

* A tweak or two
@BillWagner
use OIDC in the code for what's new (#333)
6e83ec9 
* use OIDC in the code for what's new, Quest

Update the What's New app code to use the new OIDC approach.
Update the Quest app to use the new OIDC approach.

* Configure the OSPO client using the new keys

In both SeQuester, and the What's New app, make the following changes:

- Use the OIDC configuration to setup access to the OSPO client.
- Check for the deprecated key, and produce a warning if the deprecated key is present.
- If the authorization fails, fail gracefully in both apps when an item needs to be updated.
@BillWagner BillWagner requested a review from gewarren April 25, 2024 13:25
@BillWagner
Copy link
Member Author

/cc @jeffwilcox

IEvangelist and others added 2 commits April 25, 2024 14:09
@IEvangelist @BillWagner
Minor clean up and switch to Bearer token header (#330)
404d899 
* Minor clean up and switch to Bearer token header

* Add a test sandbox, and expose a means for getting a hydrated `OspoClient` via a factory that does `az login` and `az account get-access-token`.

* A tweak or two
@BillWagner
use OIDC in the code for what's new (#333)
bf6f856 
* use OIDC in the code for what's new, Quest

Update the What's New app code to use the new OIDC approach.
Update the Quest app to use the new OIDC approach.

* Configure the OSPO client using the new keys

In both SeQuester, and the What's New app, make the following changes:

- Use the OIDC configuration to setup access to the OSPO client.
- Check for the deprecated key, and produce a warning if the deprecated key is present.
- If the authorization fails, fail gracefully in both apps when an item needs to be updated.
@BillWagner BillWagner requested a review from IEvangelist as a code owner April 26, 2024 19:34
@BillWagner BillWagner force-pushed the oidc-sandbox branch 2 times, most recently from 80440a7 to 48a2a76 Compare April 29, 2024 15:01
@IEvangelist IEvangelist merged commit c5e838d into main Apr 30, 2024
9 checks passed
@BillWagner BillWagner deleted the oidc-sandbox branch April 30, 2024 13:38
BillWagner added a commit to BillWagner/docs that referenced this pull request Apr 30, 2024
@BillWagner
Use OIDC keys for the OSPO API
00292cf 
Relies on dotnet/docs-tools#335

Update the YML files for the OIDC authorization protocol
@BillWagner BillWagner mentioned this pull request Apr 30, 2024
Merged
BillWagner added a commit to dotnet/docs that referenced this pull request Apr 30, 2024
@BillWagner @IEvangelist
Use OIDC keys for the OSPO API (#40674)
91ed988 
* Use OIDC keys for the OSPO API

Relies on dotnet/docs-tools#335

Update the YML files for the OIDC authorization protocol

* Apply suggestions from code review

Co-authored-by: David Pine <[email protected]>

---------

Co-authored-by: David Pine <[email protected]>
BillWagner added a commit to BillWagner/csharpstandard that referenced this pull request Apr 30, 2024
@BillWagner
Change to secretless authentication
fa08b67 
See dotnet/docs-tools#335 for details.
@BillWagner BillWagner mentioned this pull request Apr 30, 2024
Merged
BillWagner added a commit to dotnet/csharpstandard that referenced this pull request Apr 30, 2024
@BillWagner
Change to secretless authentication (#1098)
5633a08 
See dotnet/docs-tools#335 for details.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gewarren gewarren gewarren approved these changes

@IEvangelist IEvangelist Awaiting requested review from IEvangelist IEvangelist is a code owner

Assignees

@BillWagner BillWagner

@IEvangelist IEvangelist

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@BillWagner @gewarren @IEvangelist