Include authorization information in service info response #68

Open
wants to merge 1 commit into
base: develop
@jb-adams jb-adams commented Nov 9, 2020

Related to #67, this PR aims to incorporate the GA4GH FASP API Feedback into the service info spec, namely by allowing services to broadcast information about how to authorize to them (either alone or as part of a registry through service registry).

The motivation is to allow clients discovering new GA4GH services to automatically authorize to them without having pre-existing knowledge of auth server location and mechanisms.

@mbarkley provided a great document on how this could be accomplished. The document outlines the following 3 technical recommendations:

  1. Add the base, authorization, and token URLs of a trusted authorization server to Service Info
  2. Add required OAuth scopes and other parameters to the Service Info with room for custom and future standard extensions
  3. Add a client registration method (more details on this below)

The PR introduces an authInfo property and schema into the Service schema, which contains the above recommendations.

  1. Add the base, authorization, and token URLs of a trusted authorization server to Service Info

This is addressed by AuthInfo's authServer property, which contains 3 Authorization Server URLs: 1 for an optional service-info endpoint, one for the OAuth authorization endpoint, and one for the OAuth token endpoint

  2. Add required OAuth scopes and other parameters to the Service Info with room for custom and future standard extensions

This is partially addressed by AuthInfo's scopeDefinitions property, which maps controlled endpoints on the GA4GH resource server to the scope(s) one would need to pass to the authorization server to gain access to them.

Currently, custom parameters are not yet addressed in this PR, though they should be.

  3. Add a client registration method (more details on this below)

Not currently incorporated into this PR, though it should be.

@ianfore this should help in the FASP scripts making use of registry, allowing access to the DRS servers without handling tokens manually on the client machine

@mcupak

- capture OAuth2-specific endpoints on auth server
- capture scopes associated with specific endpoints on resource server
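
The discovery flow the PR description motivates, from the client side, as an added example that is not part of the PR or the service-info spec: before using an advertised authorization server, the client checks its URLs against origins it already trusts, then collects the scopes for the endpoints it will call. Only `authInfo`, `authServer` and `scopeDefinitions` come from the description; the URL key names, scope names, hosts and endpoint paths are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample response. Only authInfo, authServer and scopeDefinitions
# are named in the PR description; every other key and value is an assumption.
SERVICE_INFO = {
    "id": "org.example.drs",
    "authInfo": {
        "authServer": {
            "serviceInfoUrl": "https://auth.example.org/service-info",
            "authorizationUrl": "https://auth.example.org/oauth2/authorize",
            "tokenUrl": "https://auth.example.org/oauth2/token",
        },
        "scopeDefinitions": {
            "/objects/{object_id}": ["drs.read"],
            "/objects/{object_id}/access/{access_id}": ["drs.read", "drs.access"],
        },
    },
}

# Origins the client operator already trusts; discovery never extends this set.
TRUSTED_AUTH_ORIGINS = {"https://auth.example.org"}


def origin(url):
    """Return https://host[:port], rejecting non-https URLs and embedded credentials."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname or parts.username or parts.password:
        raise ValueError(f"not an acceptable https URL: {url!r}")
    port = f":{parts.port}" if parts.port not in (None, 443) else ""
    return f"https://{parts.hostname}{port}"


def plan_authorization(service_info, endpoints, trusted=TRUSTED_AUTH_ORIGINS):
    """Validate the advertised auth server and collect scopes for the endpoints."""
    auth = service_info["authInfo"]
    server = auth["authServer"]
    for key in ("authorizationUrl", "tokenUrl"):
        if origin(server[key]) not in trusted:
            raise PermissionError(f"{key} points at an untrusted origin: {server[key]}")
    scopes = set()
    for ep in endpoints:
        if ep not in auth["scopeDefinitions"]:
            raise KeyError(f"no scopes advertised for {ep}")
        scopes.update(auth["scopeDefinitions"][ep])
    return {
        "authorization_url": server["authorizationUrl"],
        "token_url": server["tokenUrl"],
        "scope": " ".join(sorted(scopes)),
    }
```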