Implement OAuth 2.0 workflows for authorize 3rd party application integrating with Horreum #782

johnaohara · 2023-10-19T17:43:13Z

With requests to integrate data into various reporting tools, Horreum should move to a standard for authorizing access to data.

An OAuth2.0 workflow would allow for better integration with reporting and analysis tools

johnaohara · 2024-01-18T06:38:11Z

@barreiro after chatting yesterday, it also seems that you are trying to fix this issue, alongside #780

Is that correct?

barreiro · 2024-01-18T14:57:32Z

@johnaohara it depends on the definition of 3rd party application, and workflow, but yes, it's all part of the security review.

johnaohara · 2024-01-18T15:03:35Z

@barreiro there is an issue tracking all the changes to the security model: #777

As part of your review, please can you update this issue as well with changes that are required

johnaohara mentioned this issue Oct 19, 2023

Security Review #777

Open

14 tasks

johnaohara added type/enhancement An enhancement to an existing feature branch/master The master branch labels Oct 19, 2023

johnaohara added the priority/high High priority label Jan 18, 2024

johnaohara mentioned this issue Jan 18, 2024

Review test tokens and impact of authorization, esp wrt read/write/upload permissions #789

Open

johnaohara added this to the 0.12 milestone Jan 18, 2024

johnaohara assigned barreiro Jan 18, 2024

johnaohara removed this from the 0.12 milestone Feb 5, 2024

johnaohara mentioned this issue Feb 20, 2024

token is not passed to test.compareUrl for fetching non-public data #1330

Open

johnaohara mentioned this issue May 15, 2024

SSO Enablement #1700

Open

2 tasks

Provide feedback