patricksimonian
commented
5 years ago documize does have a search api which is quite nice!
Closed sheaphillips closed 5 years ago
patricksimonian
commented
5 years ago documize does have a search api which is quite nice!
patricksimonian
commented
5 years ago I have hit a big blocker trying to authenticate against our documize instance.
the api auth mechanism is clunky and requires two api calls. One to authenticate a user based on their email/pw and the second call to interact with the desired end point
it looks like the auth is failing possibly due to not being able to authenticate properly against key cloak ?
if those were working, converting the documize graphql datasource would be fairly trvial.
sheaphillips
commented
5 years ago hmmm.. looking at the flow, the element that is returned by authentication call is a JWT and then this is provided to the API as a Bearer token in the Authorization header. In our config, KeyCloak is normally the one providing the JWT. Soooo...perhaps we need to initially auth against KeyCloak instead of Documize to get a JWT to send back to Documize? This might be considered a "service account" in KeyCloak land but I'm not sure... Hopefully google-o-tron knows more...
On Mon, Sep 23, 2019 at 2:00 PM Patrick Simonian notifications@github.com wrote:
I have hit a big blocker trying to authenticate against our documize instance. findings
-
the api auth mechanism is clunky and requires two api calls. One to authenticate a user based on their email/pw and the second call to interact with the desired end point
it looks like the auth is failing possibly due to not being able to authenticate properly against key cloak ?
if those were working, converting the documize graphql datasource would be fairly trvial.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/bcgov/devhub-app-web/issues/982?email_source=notifications&email_token=AAFKSIVYQ5BOWBGLQHLZIMLQLEU7RA5CNFSM4IYOKJO2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD7MIDQY#issuecomment-534282691, or mute the thread https://github.com/notifications/unsubscribe-auth/AAFKSIRSXEHLKUY4ZVEWMM3QLEU7RANCNFSM4IYOKJOQ .
patricksimonian
commented
5 years ago Good thinking! I'll take a look into this. It does lead to a bespoke way of 'authenticating requests against documize. I think that's okay if only we want to run a 'docugate' but for users that don't leverage keycloak, they'd have to leverage a plugin point or hook to 'auth before request'. Something we'd have to build into the gateway.
sheaphillips
commented
5 years ago you're thinking of implications of docugate? e.g. things would be different based on whether you use OIDC /SSO / KeyCloak or auth against Documize directly...correct, but that could also be factored into a plugin/config point as well - like an outbound "middleware"...kinda like the way the Apollo REST Data Source works...
On Mon, Sep 23, 2019 at 2:40 PM Patrick Simonian notifications@github.com wrote:
Good thinking! I'll take a look into this. It does lead to a bespoke way of 'authenticating requests against documize. I think that's okay if only we want to run a 'docugate' but for users that don't leverage keycloak, they'd have to leverage a plugin point or hook to 'auth before request'. Something we'd have to build into the gateway.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/bcgov/devhub-app-web/issues/982?email_source=notifications&email_token=AAFKSIUGVX7QEVMBH7UKPWDQLEZWJA5CNFSM4IYOKJO2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD7MLPDI#issuecomment-534296461, or mute the thread https://github.com/notifications/unsubscribe-auth/AAFKSIRLXE7UFOZAKPXFGWLQLEZWJANCNFSM4IYOKJOQ .
patricksimonian
commented
5 years ago i have a dev docugate service running as a demo https://docugate-dev-1-devhub-dev.pathfinder.gov.bc.ca
patricksimonian
commented
5 years ago
We would like to understand the effort involved and utility of integrating the DevHub search functionality with Documize. The intent would be to provide a similar UX to what we've already done with GitHub and Rocket.Chat using a similar architecture (Search.Gate + Documize.Gate).
Specific issues to explore/de-risk:
DoD: