DoSomething / bertly

🔗 A serverless link shortener.
https://dosome.click/wq544
MIT License

Add ability to authorize create/delete requests with OAuth. #67

Closed DFurnes closed 4 years ago

DFurnes commented 4 years ago

What's this PR do?

This pull request adds support for creating and destroying short-links using OAuth tokens. This will allow our front-end to communicate directly with Bert, without needing an intermediary endpoint in Phoenix.

How should this be reviewed?

This ended up being a bit of a whopper, sorry! Most of the weight is from tests/mocks:

📛 Adds ability for Bert to fetch Northstar's public key via OpenID Discovery. This is what lets Bert (and other services, like Rogue) validate tokens made by Northstar. For testing, I included a mock that uses a local public key. 56963c4

🔑 Updates our authentication middleware to support OAuth tokens. It will return 401 for requests without any authentication or "bad" authentication (wrong static token, expired OAuth token, etc). c5a1cb4

🚥 Adds some test & request helpers (so that it's easy to mock different authentication states in our tests, and so it's easy to grab information from OAuth tokens wherever we need it). 23e7040

🌟 Finally, the main event! We use all that to update the "createLink" and "destroyLink" methods to accept OAuth tokens. (So anyone can shorten a link, but only staffers can shorten non-DS URLs, and only admins can delete links once they've been shortened). c6515a8

Any background context you want to provide?

This was a stretch goal, but I'm really happy I was able to fit it in! This lets us remove some unnecessary cruft from Phoenix & could unlock some cool features down the line.

Relevant tickets

References Pivotal #172865466.

Checklist

DFurnes commented 4 years ago

I filled in the <...> link to the list of approved domains in b8a9766.

DFurnes commented 4 years ago

Going to merge this in. Happy to address any additional feedback in follow-up PRs!