Site Accounts service for API keys #1506
Merge upstream
We wanted to add account management to the cs3 apis as well, as ocis has an accounts service, which duplicated responsibilities and made us configure reva's userprovider to talk to glauth which would talk to the ocis accounts service. Instead, we decided to use whatever user management is in place and rely on reva to read users from there. We will move the ui and persistence from our accounts service to glauth to have an embeddable user management with an ldap api. Users and groups can then be managed using existing tools. For guest accounts this means they need to be provisioned in an ldap server, or in whatever backend is configured for reva's userprovider (and groupprovider). CERN is using a rest api and they have a process to onboard guests. @Daniel-WWU-IT does this pr also add a new backend for the user and group providers? Or do you want to be able to manage users using the CS3 api? For the latter you should add a PR to the CS3 apis repo. Ping me if you would like to collaborate on this. We have existing protobuf specs to manage accounts and groups in the existing ocis accounts service. I just want to make sure we are not duplicating efforts.
This pull request introduces 1 alert when merging 98f7bfa into 06aa61f - view on LGTM.com new alerts:
@butonic This is something entirely different. It has nothing to do with end users or groups. These accounts are to manage the registered sites and generate API keys for them, which in return are used (or will be used) in the web apps. The service name could be changed to make this a bit more clear, I am open to better names here ;) Maybe something like
Hm, I already feared I did not fully understand what this is about ;-) Naming is hard.
Renamed. Indeed a much better name!
This update adds a new service to Reva that handles site accounts creation and management. Registered sites can be assigned an API key through a simple web interface which is also part of this service. This API key can then be used to identify a user and his/her associated (vendor or partner) site.
Furthermore, Mentix was extended to make use of this new service. This way, all sites now have a stable and unique site ID that not only avoids ID collisions but also introduces a new layer of security (i.e., sites can only be modified or removed using the correct API key).
Note: The old registration APIs were removed in this PR; it is thus mandatory to update the web applications as well, and somehow allow the users to create an account.