Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

  •  
     
    story #14542 have OAuth2 flow
Actions
Summary
Empty
have OAuth2 flow
Empty

See epics acceeptance criteria.

The whole thing is a "all or thing" story, here it corresponds to implementation of the OAuth2 protocol flow.

Empty
Empty
Status
Empty
Done
Development
  • [ ] Does it involves User Interface? 
  • [ ] Are there any mockups?
  • [ ] Are permissions checked?
  • [ ] Does it need Javascript development?
  • [ ] Does it need a forge upgrade bucket?
  • [ ] Does it need to execute things in system events?
  • [ ] Does it impact project creation (templates)?
  • [ ] Is it exploratory?
Empty
Details
#14542
Manuel Vacelet (vaceletm)
2020-03-27 15:33
2020-02-11 16:43
15886

References
Artifact links
Empty
Referencing story #14542

Artifact Tracker v5

epic #14432 Tuleap OAuth2 Provider
rel #14270 11.13

Git commit

tuleap/tuleap/stable

Extract scope notions from the access key implementation a5d8d7b609
User avatar Thomas Gerbet (tgerbet) , 2020-02-13 15:00
Use native typehints in the Tuleap\Authentication\SplitToken namespace 43bc7b51e8
User avatar Thomas Gerbet (tgerbet) , 2020-02-13 17:40
Protect a test resource with an OAuth2 access token 976a0efcc0
User avatar Thomas Gerbet (tgerbet) , 2020-02-17 13:29
OAuth2 access tokens are retrieved from the database to be verified f9e1acd493
User avatar Thomas Gerbet (tgerbet) , 2020-02-17 15:22
Set the WWW-Authenticate header when the access to an OAuth2 protected resource is denied 57f2131eae
User avatar Thomas Gerbet (tgerbet) , 2020-02-17 16:15
OAuth2 access token are associated with scopes 6899cc6776
User avatar Thomas Gerbet (tgerbet) , 2020-02-18 15:53
OAuth2 access tokens can be used to query the REST API 9764d635c3
User avatar Thomas Gerbet (tgerbet) , 2020-02-19 16:33
OAuth2 access token have an expiration date 45a9c5f4e7
User avatar Thomas Gerbet (tgerbet) , 2020-02-20 12:30
REST authentication flow should log the rejections a5bd83f7a2
User avatar Thomas Gerbet (tgerbet) , 2020-02-20 12:28
Create the base architecture to create an OAuth2 access token from an authorization code cb1845714c
User avatar Thomas Gerbet (tgerbet) , 2020-02-24 06:59
Clear all OAuth2 access tokens and associated scopes when the OAuth2 server plugin is uninstalled 7116ec2b1f
User avatar Thomas Gerbet (tgerbet) , 2020-02-24 10:25
Cannot get an OAuth2 access token from an authorization code without TLS 40c6d08516
User avatar Thomas Gerbet (tgerbet) , 2020-02-24 11:15
Reject requests to grant an OAuth2 access token with a not supported grant type b8bf5e21cb
User avatar Thomas Gerbet (tgerbet) , 2020-02-24 15:00
Explicitely disable caching on the endpoint creating OAuth2 access tokens 7abe26fbb6
User avatar Thomas Gerbet (tgerbet) , 2020-02-24 15:08
The authorization page should not be cached or accessed without TLS 5664794783
User avatar Thomas Gerbet (tgerbet) , 2020-02-24 17:38
Move the logic to parse an Authorization header with the Basic scheme outside the prometheus_metrics plugin 506b643892
User avatar Thomas Gerbet (tgerbet) , 2020-02-26 12:20
Authenticate app accessing the token endpoint d447c0b880
User avatar Thomas Gerbet (tgerbet) , 2020-02-26 22:11
Be consistent in the endpoint URLs of the authorization server 58460b316d
User avatar Thomas Gerbet (tgerbet) , 2020-02-28 17:02
Verify an hardcoded authorization code when creating an access token f17076d72e
User avatar Thomas Gerbet (tgerbet) , 2020-03-02 15:13
Accesses to the OAuth2 server should be visible by the instrumentation 19a09bc63e
User avatar Thomas Gerbet (tgerbet) , 2020-03-02 16:47
Validate redirect_uri parameter when issuing an access token c339a577aa
User avatar Thomas Gerbet (tgerbet) , 2020-03-02 19:50
Move code related to the authorization code when granting an access token into a subnamespace 2364beda8e
User avatar Thomas Gerbet (tgerbet) , 2020-03-03 15:00
An authorization code is generated each time the user approve the requested permissions 080ee89511
User avatar Thomas Gerbet (tgerbet) , 2020-03-10 15:55
Mark the authorization codes that has already been used 3f59dbb8f9
User avatar Thomas Gerbet (tgerbet) , 2020-03-11 17:37
Associate the delivered access tokens with their authorized grant 594c16764c
User avatar Thomas Gerbet (tgerbet) , 2020-03-12 10:25
Revoke authorization code and the associated access tokens if they are reused e3d3dd4cdf
User avatar Thomas Gerbet (tgerbet) , 2020-03-13 10:53
Authorization code of not active project cannot be used 66dcc86fec
User avatar Thomas Gerbet (tgerbet) , 2020-03-13 16:23
Move OAuth2 access tokens table in the oauth2_server plugin 5cae067f79
User avatar Thomas Gerbet (tgerbet) , 2020-03-16 18:38
Access tokens associated to an app in a not active project cannot be used de71c0473c
User avatar Thomas Gerbet (tgerbet) , 2020-03-17 10:45
Remove plugin_oauth2_authorization_code_access_token table (for real this time) e1ba5265b8
User avatar Thomas Gerbet (tgerbet) , 2020-03-17 15:58
Save scopes requested for each authorization 795b6e4293
User avatar Thomas Gerbet (tgerbet) , 2020-03-18 10:19
Access tokens have the scopes requested at the authorization 8902b25fc6
User avatar Thomas Gerbet (tgerbet) , 2020-03-18 14:22
Project admin can choose if the usage of PKCE [0] is mandatory or not when creating a new OAuth2 app 5c90773ab3
User avatar Thomas Gerbet (tgerbet) , 2020-03-18 17:28
PKCE code challenge is extracted from the authorization request and saved ffd4a60755
User avatar Thomas Gerbet (tgerbet) , 2020-03-19 12:09
Validate PKCE code verifier when delivering the access token in exchange of the authorization code 608986d544
User avatar Thomas Gerbet (tgerbet) , 2020-03-20 12:19
Create and save refresh token 4e42ec0b07
User avatar Thomas Gerbet (tgerbet) , 2020-03-23 11:31
Revoke access tokens via a revocation endpoint 1ff36f63bb
User avatar Joris MASSON (jmasson) , 2020-03-23 15:42
Extract from the access token controller the section relative to the auth code 336cfaa1c9
User avatar Thomas Gerbet (tgerbet) , 2020-03-24 11:19
Mutualize retrieval and saving of scope association with token|code 13cb8feb77
User avatar Thomas Gerbet (tgerbet) , 2020-03-24 16:02
Remove duplicate for the list of scopes given for the authorization request bf780ebebb
User avatar Thomas Gerbet (tgerbet) , 2020-03-24 14:59
Revoke refresh tokens via revocation endpoint 05c34a2eee
User avatar Joris MASSON (jmasson) , 2020-03-24 16:18
Cannot create an OAuth2 app that does not force the usage of PKCE 67a322e4a0
User avatar Thomas Gerbet (tgerbet) , 2020-03-24 18:02
Refresh token can be used to get a fresh access token 3a3d6a0828
User avatar Thomas Gerbet (tgerbet) , 2020-03-26 10:21
Glossify OAuth2 pages fc3c7de9cb
User avatar Benjamin Dauton (bdauton_enalean) , 2020-03-26 10:24
Remove user preferences variants d36d7bb701
User avatar Joris MASSON (jmasson) , 2020-03-26 11:07
An access token can be refreshed with a reduced set of scopes bda090fa6d
User avatar Thomas Gerbet (tgerbet) , 2020-03-26 12:16
Daily cleanup of the expired auth code, refresh and access tokens 0e7947ddbb
User avatar Thomas Gerbet (tgerbet) , 2020-03-26 16:02
Remove OAuth2 test endpoint ae0e449bab
User avatar Thomas Gerbet (tgerbet) , 2020-03-26 16:17
Add missing index on the plugin_oauth2_server_app table 56d839e245
User avatar Thomas Gerbet (tgerbet) , 2020-03-26 17:15
Fix info level Psalm issues in the OAuth2 Server plugin d3ef19906b
User avatar Thomas Gerbet (tgerbet) , 2020-03-26 17:39
Cleanup data when a project is deleted 1dfc90e4cb
User avatar Thomas Gerbet (tgerbet) , 2020-03-26 17:47
Move the declaration of the REST endpoint GET /projects/:id/trackers in the tracker plugin d6e55e4e3f
User avatar Thomas Gerbet (tgerbet) , 2020-03-27 14:01
Add a read only OAuth2 scope to access tracker information 4c4f09a521
User avatar Thomas Gerbet (tgerbet) , 2020-03-27 14:50
Display settings

Follow-ups

User avatar
Joris MASSON (jmasson)2020-02-14 10:00
gerrit #17787 integrated into Tuleap 11.11.99.64
  • Acceptance criteria
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes