Closed Brad-eki closed 5 years ago
Any advice @dlo? Do you know if any of the earlier players in OAuth2 support are still around to help out? Any new players who are interested?
Support for Harvest API v2 now supports OAuth2 to varying lengths. There are examples in the harvest_test.py.
Have introduced some dataclasses to help manage authentication.
Personal Access Tokens are supported. Create a PersonalAccessToken object and pass it in as you construct Harvest().
"Client side" tokens are supported. Authentication needs to be taken care of, and an OAuth2_ClientSide_Token needs to be created. Then you can pass the OAuth2_ClientSide_Token in as you construct Harvest(). Client side tokens are not currently refreshed, are not persisted, and are not introspectable.
"Server side" is mostly supported. Authentication needs to be taken care of, and an OAuth2_ServerSide needs to be created, which has a sub-object OAuth2_ServerSide_Token. Once the OAuth2_ServerSide is created you can pass it in as you construct Harvest(). Server side tokens are not currently persisted, and are not introspectable. Server Side supports refreshing tokens in memory.
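An added sketch, not python-harvest's own code, of the in-memory refresh behaviour described for server-side tokens above. The names `ServerSideToken` and `ServerSideSession`, the injected `exchange` callable and the 60-second skew are assumptions for illustration; token fields are excluded from `repr()` so they do not end up in logs.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict

@dataclass
class ServerSideToken:
    # Hypothetical stand-in, not python-harvest's OAuth2_ServerSide_Token.
    access_token: str = field(repr=False)    # keep secrets out of repr() and logs
    refresh_token: str = field(repr=False)
    expires_at: float                         # absolute epoch seconds

    def is_stale(self, now: float, skew: float = 60.0) -> bool:
        # Treat the token as expired slightly early to absorb clock drift.
        return now >= self.expires_at - skew

@dataclass
class ServerSideSession:
    token: ServerSideToken
    # exchange(refresh_token) -> token response dict; injected, so no network here.
    exchange: Callable[[str], Dict] = field(repr=False)
    clock: Callable[[], float] = time.time

    def bearer(self) -> str:
        """Return a usable access token, refreshing in memory when stale."""
        now = self.clock()
        if self.token.is_stale(now):
            resp = self.exchange(self.token.refresh_token)
            if "access_token" not in resp or "expires_in" not in resp:
                raise RuntimeError("refresh failed: incomplete token response")
            self.token = ServerSideToken(
                access_token=resp["access_token"],
                # Some servers rotate the refresh token; keep the old one otherwise.
                refresh_token=resp.get("refresh_token", self.token.refresh_token),
                expires_at=now + float(resp["expires_in"]),
            )
        return self.token.access_token

def demo() -> list:
    # Constructed sample data: a fake clock and a fake token endpoint.
    t, calls = [1000.0], []
    def fake_exchange(rt: str) -> Dict:
        calls.append(rt)
        return {"access_token": "new-1", "refresh_token": "r1", "expires_in": 3600}
    s = ServerSideSession(ServerSideToken("old", "r0", expires_at=1500.0),
                          fake_exchange, clock=lambda: t[0])
    out = [s.bearer()]       # still fresh, no exchange
    t[0] = 1450.0            # inside the 60 s skew window
    out.append(s.bearer())   # refreshed using r0
    out.append(s.bearer())   # fresh again, no second exchange
    return out + [calls, repr(s.token)]
```

Nothing here is persisted: when the process exits the refreshed token is gone, which matches the "in memory" limitation stated above.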
This is amazing, thanks @Brad-eki!
Hi Everyone,
I am new to OAuth2 but would like to support it in the move to Harvest API v2 (if that's worthwhile). To do this I need to know about the use cases of python-harvest and where it would be used in conjunction with OAuth2. I am guessing it is in a web app or mobile app context...?
Is there a need to support Cross-Origin Resource Sharing to get python-harvest to work with OAuth2? (e.g., authenticate elsewhere and pass authority to an instance of python-harvest)
I have found a tutorial and sample code which steps through the various flows of OAuth2 (link below). Through this I have made a client that uses the Authorization Code flow with Harvest. From what I have seen going through this tutorial, the best approach might be to make a flask-harvest client and leave the plain-old-python integration use cases to the Personal Access Token.
https://medium.com/@ratrosy/building-a-basic-authorization-server-using-authorization-code-flow-c06866859fb1
Be warned, if you go down the above path you will need to support HTTPS to use Harvest. Be prepared to make self-signed certificates and register your own authority.
As things stand I am confused as to how the current support for OAuth2 works. It doesn't seem to align with any of the flows I have seen.