Build Service/OpenID

OpenID Support for openSUSE Build Service

The goal is to have a working instance of the Build Service where users can log in with an OpenID. That doesn't mean that the production instance at build.opensuse.org has to be switched to OpenID, only that it is possible to set up a separate instance which uses OpenID instead of the built-in user management that is currently implemented.

Any OpenID provider should be usable with the Build Service. To synchronize user data between different openSUSE services, we might want to have some connection to users.opensuse.org. But that's a second step after implementing the basic OpenID consumer functionality.

To achieve that goal we have to do the following four things:

  • Create a web UI for the actual login, where people can log in via OpenID and the login gets associated with a User object in the database. This UI should be part of the frontend which serves the API.
  • The logged-in user gets associated with an API key, which is later used to operate the API. This API key could be generated at the user's request or automatically. We have to investigate which is the best option here. This also needs a bit of UI, so the user can control the key and can view or download it for further use in osc or any other tool which talks to the UI.
  • The authentication mechanism of the API has to be extended to use the API key instead of the current mechanisms of iChain and the Build Service's own user database. To be able to implement that cleanly, it would be helpful to modularize the authentication code of the API.
  • The web client has to be adapted to support the OpenID login. One way to do that would be to provide a login which redirects to the OpenID login on the API, which after successful authentication redirects back to the web client. The redirection to the web client should include the API key, which would then be stored in the session and used to authenticate subsequent API requests.
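The API key steps above (issuing a key per user and checking it in a modular authentication layer), as an added Ruby example that is not Build Service code. The names `ApiKeyStore`, `ApiKeyAuthenticator` and `authenticate_request` and the `Authorization: ApiKey login:key` header format are assumptions made for illustration; the server keeps only a digest of each key and compares digests without an early exit.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical in-memory store; a real instance would keep the digest
# in a column on the User record.
class ApiKeyStore
  DUMMY = '0' * 64 # stands in for unknown logins; never equals a digest

  def initialize
    @digests = {} # login => hex SHA-256 digest of the current key
  end

  # Issue or rotate a key. The plaintext is returned once, for display or
  # download; only its digest is stored.
  def issue(login)
    key = SecureRandom.urlsafe_base64(32)
    @digests[login] = Digest::SHA256.hexdigest(key)
    key
  end

  def revoke(login)
    !@digests.delete(login).nil?
  end

  # Compare digests without stopping at the first differing byte.
  def valid?(login, presented)
    stored = @digests.fetch(login, DUMMY)
    given = Digest::SHA256.hexdigest(presented.to_s)
    stored.bytes.zip(given.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# One pluggable module; other mechanisms would expose the same
# authenticate(headers) method and return a login or nil.
class ApiKeyAuthenticator
  SCHEME = /\AApiKey ([^:\s]+):(\S+)\z/ # assumed header format
  def initialize(store)
    @store = store
  end

  def authenticate(headers)
    m = SCHEME.match(headers['Authorization'].to_s)
    m && @store.valid?(m[1], m[2]) ? m[1] : nil
  end
end

# Try each module in order; the first one to return a login wins.
def authenticate_request(headers, modules)
  modules.lazy.map { |m| m.authenticate(headers) }.find(&:itself)
end
```

Because only the digest is stored, a lost key cannot be shown again; the key UI would call `issue` to rotate it, which also invalidates the previous key.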

In addition we should look at OAuth as an alternative (and maybe better) way to provide access to the API through the OpenID login. There is an OAuth plugin for Ruby.

GSOC 2009 Implementation


For general information about the Build Service go to the Build Service Wiki page.