feat: add support for JWT authentication DS-959
#206
Conversation
|
I will test this soon, but in the meantime, can you add the Postman collection to the repository? Create a docs directory, something like https://github.com/eduNEXT/eox-core/tree/master/docs/resources, to add the collection you already created. It doesn't enter explicitly in the scope but will be helpful for future testing, and you already have the collection. Is it possible? |
|
Hi @MaferMazu. Yes, I can do something similar to how it is in |
There was a problem hiding this comment.
This works as expected! Thanks @BryanttV.
If you could add the collection, that would be great.
By the way, we usually use the squash and merge button to merge PRs.
When you squash and merge, the bump version workflow will run automatically (it will create a new tag with the latest version of eox-tenant depending on the commit message you use; with the feat, you will have a minor version). You only need to squash and merge and then go to https://github.com/eduNEXT/eox-tenant/releases and publish the latest release if we need it (if it is a change that does not require a release (is a change that does not modify the functionality or is not required for fixing a bug), you don't need to publish it). This will change slightly in the following sprints, but it works as I said for now. If you have questions, please don't hesitate to ask.
On the other hand, before merging, you will need to sign your commits. Ref: https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification
|
@MaferMazu: do we deploy the latest release somewhere for remote testing? |
BryanttV
force-pushed
the
bav/add-jwt-support
branch
from
25c56aa to
3684e57
Compare
|
@MaferMazu, I already added the postman collection in |
|
@mariajgrimaldi No, we only test this in our environments for now. Then, we want to implement something to make testing easy in remote environments. |
Description
This PR allows you to make a request with a JWT token.
Testing instructions
Using Tutor:
Install the plugin with these changes. If you are installing it for the first time you should run the migrations.
Create a new application from
http://local.edly.io:8000/admin/oauth2_provider/application/. Associate a user with sufficient permissions and add to the Redirect uris field: http://local.edly.io:8000/Generate a JWT Token for the user using the next endpoint. POST
http://local.edly.io:8000/oauth2/access_token/. The content type of the request must beapplication/x-www-form-urlencodedBody parameters
client_id: Client ID of the application created above. e.g. CAfZv...IHD0Jclient_secret: Client Secret of the application created above. e.g. Qu2pnJJ9b1C6DA...u7Ej8x31RFiaKg9grant_type: client_credentialstoken_type: JWTResponse
{ "access_token": "eyJhbGciOiJIUz...SsDAs3KE_gEc", "expires_in": 3600, "token_type": "JWT", "scope": "read write email profile" }access_token: The user's access token. You must use this token in the Authorization header of the requests to the API.Test all
eox-tenantendpoints using the JWT token, all should work correctly. You can use this eox-tenant postman collection.Checklist for Merge