Closed eik-dahms closed 3 weeks ago
Thank you for this PR. If we merged this right now, would everything still work, or do we need to change something on the datahubs? @eik-dahms
So the question is how we migrate to this authentication method.
If you merge this, everything works as before (I have tested that), meaning the existing hosts with a secret entry will still use the client_id and secret method.
The new method will only be used if a host is missing the secret entry.
If you want to migrate existing hosts, I would register a new App in GitLab with the confidential setting turned off (as described above), because when I tried toggling the confidential setting with an existing App registration it did not work.
Thank you! Then this is good to go.
In the current version of ARCitect, client IDs and secrets have to be stored in code. It would be nice to avoid storing the secrets in code. This can be avoided by using the PKCE flow. Here I implemented this in DataHubService.ts.
PKCE will be used if a datahub entry in Credentials does not contain a "secret" field.
The previous authentication method is still possible.
PKCE will only work if confidential is turned off - and I assume that the client_id/client_secret method will then not work anymore.
Not thoroughly tested. But from receiving the token/refresh token, everything should be the same as before.
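The flow selection described in this PR, as an added sketch that is not the code from DataHubService.ts: a host entry without a `secret` sends an S256 PKCE challenge and later the verifier, while an entry with a `secret` keeps sending `client_secret`. The `HostCredentials` shape (including its `id` field) and all function names are hypothetical; the request parameter names are the standard ones from RFC 6749 and RFC 7636.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Hypothetical shape of a datahub entry; only the "secret" field is named on the page.
interface HostCredentials { id: string; secret?: string }

// base64url without padding, as RFC 7636 requires.
function b64url(buf: Buffer): string {
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// 32 random bytes encode to a 43-character verifier (the RFC 7636 minimum length).
function newCodeVerifier(): string {
  return b64url(randomBytes(32));
}

// S256 challenge: BASE64URL(SHA-256(ASCII(verifier))).
function codeChallenge(verifier: string): string {
  return b64url(createHash("sha256").update(verifier, "ascii").digest());
}

// PKCE is selected only when the entry has no secret, as the PR describes.
function usesPkce(cred: HostCredentials): boolean {
  return cred.secret === undefined;
}

// Query parameters for the authorization request.
function authorizeParams(cred: HostCredentials, redirectUri: string,
                         state: string, verifier: string): URLSearchParams {
  const p = new URLSearchParams({
    response_type: "code", client_id: cred.id, redirect_uri: redirectUri, state,
  });
  if (usesPkce(cred)) {
    p.set("code_challenge", codeChallenge(verifier));
    p.set("code_challenge_method", "S256");
  }
  return p;
}

// Form body for the token request: the verifier proves possession under PKCE,
// otherwise the stored secret authenticates the client as before.
function tokenParams(cred: HostCredentials, code: string,
                     redirectUri: string, verifier: string): URLSearchParams {
  const p = new URLSearchParams({
    grant_type: "authorization_code", client_id: cred.id, code, redirect_uri: redirectUri,
  });
  if (usesPkce(cred)) p.set("code_verifier", verifier);
  else p.set("client_secret", cred.secret as string);
  return p;
}
```

The verifier must be kept in memory between the two requests and generated fresh for every login; only the challenge ever appears in the browser-visible authorization URL.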