Major API restructuring #319

Draft: wants to merge 15 commits into base: main

byewokko (Collaborator) commented Nov 2, 2023

🚨 This seriously breaks Auth UI and Admin UI functionality without backward compatibility. 🚨

❗ This MR will likely be split into smaller MRs. ❗

Sync merge with

Summary

  • Public container must not contain any auth-protected endpoints. They must be placed in the private container.
  • All endpoints contained in the public container are also included in the private container (with the same authorization).
  • All endpoints have been sorted into broad API categories and had a respective prefix added to their URL path (e.g. Seacat account management endpoints have been prefixed with /account).
  • Dots and underscores in path names have been replaced with a dash - (e.g. /public/login-prologue instead of /public/login.prologue).

Complete table of endpoint path changes

seacat-auth-endpoints-rev-2024-02.ods

APIs

Public web container (default port 3081)

  • /.well-known/ - standard well-known locations (OIDC)
  • /openidconnect/ - OAuth 2.0 and OIDC API
  • /public/ - core authentication API (login, logout, registration, lost password, cookie entry...)

Private web container (default port 8900)

  • /account/ - Seacat Account API (change password, change email, configure login options...)
    • authentication required
  • /admin/ - Seacat Admin API (manage tenants, roles, credentials...)
    • authentication + seacat:access authorization required
  • /nginx/ - internal nginx utilities (introspection)
    • no authentication
  • /asab/ - ASAB API
    • authentication required
  • /doc, /oauth2-redirect.html and /asab/v1/openapi - Swagger docs and OpenAPI
    • no authentication
  • plus /.well-known/, /openidconnect/ and /public/ as in the public container

TODO

@byewokko byewokko marked this pull request as draft November 2, 2023 22:01
@byewokko byewokko added enhancement New feature or request breaking change This will introduce a breaking change labels Nov 16, 2023
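
One way to check a route inventory against the container rules in the summary above (an added example, not part of the pull request or the Seacat Auth code base). The `Route` tuple, the `audit` function, the HTTP methods and the sample paths other than `/public/login-prologue` are assumptions made for illustration.

```python
# Added example: audits a route inventory against the container rules in the PR summary.
from typing import NamedTuple

# Prefixes the PR lists for the public web container.
PUBLIC_PREFIXES = ("/.well-known/", "/openidconnect/", "/public/")


class Route(NamedTuple):
    container: str       # "public" or "private"
    method: str
    path: str
    auth_required: bool


def audit(routes):
    """Return a sorted list of (rule, method, path) violations."""
    private = {(r.method, r.path): r for r in routes if r.container == "private"}
    findings = []
    for r in routes:
        if r.container != "public":
            continue
        key = (r.method, r.path)
        if r.auth_required:                       # rule 1: nothing auth-protected in public
            findings.append(("auth-protected-in-public", *key))
        if not r.path.startswith(PUBLIC_PREFIXES):
            findings.append(("unexpected-public-prefix", *key))
        twin = private.get(key)                   # rule 2: mirrored in private, same authorization
        if twin is None:
            findings.append(("missing-from-private", *key))
        elif twin.auth_required != r.auth_required:
            findings.append(("authorization-mismatch", *key))
    return sorted(findings)


# Constructed sample inventory; methods and the /account and /admin paths are hypothetical.
SAMPLE = [
    Route("public", "PUT", "/public/login-prologue", False),
    Route("private", "PUT", "/public/login-prologue", False),
    Route("public", "GET", "/.well-known/openid-configuration", False),
    Route("public", "PUT", "/account/password-change", True),
    Route("private", "PUT", "/account/password-change", True),
    Route("private", "GET", "/admin/tenants", True),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```
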
ateska (Contributor) commented Nov 27, 2023

@byewokko I'm assigned? ;-)

@byewokko byewokko assigned byewokko and unassigned ateska Nov 27, 2023
ateska (Contributor) commented Nov 30, 2023

Please also publish:

  • the table of how API endpoints will be structured after this is done
  • a procedure for how to adopt this change

@byewokko
