SURFnet / surf-token-based-access


Ticket flow #58

Closed michielbdejong closed 1 month ago

michielbdejong commented 1 month ago

When the user hits https://sram-auth-poc.pondersource.net/api/front?client_id=b1d13c47-0055-447a-bc7f-04417cb50d7e&ticket=ebd01ef809c897a2263ca588 they can approve the ticket from the client, and then the TicketController can return done truthfully, and include an access token and refresh token there.

So we need to add this FrontController, maybe add a db table for tickets, and then that db table links the FrontController and the TicketController together.

Then clean up the other screens so that the screens you see in the demo minimally show this flow, and there are no distractions from other views/flows.

michielbdejong commented 1 month ago

I need to think of how to weave the FrontController together with the existing AuthorizeController, LoginController and OidcController. Maybe:

I think I'll just trash the existing controllers to make them do what I need for the Ticket flow. For instance, the LoginController is now hard-coded to redirect to the AuthorizeController after login. I'll change that so it redirects to the FrontController instead. Also I might remove password-based login and maybe even redirect straight to SRAM from the FrontController instead of showing the login template with the SRAM link.

michielbdejong commented 1 month ago

The AuthorizationController never renders a template. It can do three things, and all three are redirects:

michielbdejong commented 1 month ago

Maybe I should change the AuthorizationController so that it does these three things, but for tickets. And then the FrontController only serves the results page.

michielbdejong commented 1 month ago

I'll add a TicketController that is a copy of the AuthorizationController, but for tickets instead of for OAuth.

michielbdejong commented 1 month ago

Actually I'll call it the FrontController, and then add a ResultController.

michielbdejong commented 1 month ago

I can't get Prisma to accept my schema change. Even if I remove the OAuthToken model and add it back, Prisma complains. So it looks like this migration was not generated by the same version of Prisma:

```
$ prisma migrate dev
Environment variables loaded from .env
Prisma schema loaded from prisma/schema.prisma
Datasource "db": PostgreSQL database "prismadb" at "localhost:8888"

Error: P3006

Migration `20240531083520_` failed to apply cleanly to the shadow database.
Error:
ERROR: foreign key constraint "Ticket_clientId_fkey" cannot be implemented
DETAIL: Key columns "clientId" and "id" are of incompatible types: text and uuid.
   0: sql_schema_connector::validate_migrations
           with namespaces=None
             at schema-engine/connectors/sql-schema-connector/src/lib.rs:324
   1: schema_core::state::DevDiagnostic
             at schema-engine/core/src/state.rs:268
```

For now, I'll store tickets in memory. That's not such a bad idea anyway.
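An added sketch, not code from this repository, of an in-memory ticket table that links the front-channel approval to the client's polling, as described in the first comment and in the comment above. The class, method and field names are assumptions, and the tokens are random placeholders; the point is that a ticket is bound to its `client_id`, expires, and yields tokens only once.

```typescript
import { randomBytes } from "node:crypto";

// All names here (TicketStore, create/approve/poll, field names) are hypothetical.
type PollResult =
  | { done: false }
  | { done: true; user: string; access_token: string; refresh_token: string };

interface TicketRecord {
  clientId: string;
  expiresAt: number;
  approvedBy?: string; // set once the logged-in user approves in the front channel
}

class TicketStore {
  private tickets = new Map<string, TicketRecord>();
  private ttlMs: number;
  private now: () => number;

  constructor(ttlMs: number = 10 * 60_000, now: () => number = Date.now) {
    this.ttlMs = ttlMs;
    this.now = now;
  }

  // Back channel: the client asks for a ticket to put in the front URL.
  create(clientId: string): string {
    const ticket = randomBytes(12).toString("hex"); // 24 hex chars, same shape as the ticket in the URL
    this.tickets.set(ticket, { clientId, expiresAt: this.now() + this.ttlMs });
    return ticket;
  }

  // A ticket is only visible to the client_id it was issued to, and only until it expires.
  private lookup(clientId: string, ticket: string): TicketRecord | undefined {
    const rec = this.tickets.get(ticket);
    if (rec && rec.expiresAt <= this.now()) this.tickets.delete(ticket);
    return rec && rec.expiresAt > this.now() && rec.clientId === clientId ? rec : undefined;
  }

  // Front channel: called after login, when the user approves the ticket.
  approve(clientId: string, ticket: string, user: string): boolean {
    const rec = this.lookup(clientId, ticket);
    if (!rec || rec.approvedBy !== undefined) return false;
    rec.approvedBy = user;
    return true;
  }

  // Back channel: the client polls; tokens are handed out once, then the ticket is gone.
  poll(clientId: string, ticket: string): PollResult {
    const rec = this.lookup(clientId, ticket);
    if (!rec || rec.approvedBy === undefined) return { done: false };
    this.tickets.delete(ticket);
    const token = () => randomBytes(32).toString("hex"); // opaque placeholder tokens
    return { done: true, user: rec.approvedBy, access_token: token(), refresh_token: token() };
  }
}
```

Because the store lives in process memory, pending tickets are lost on restart and are not shared between instances.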

michielbdejong commented 1 month ago

Mostly done. Follow-up: #60