Switch to Bugzilla API Keys for auth #19
Comments
Looks like this feature does not exist in 5.0, it'll be in 5.1. |
|
I've got a WIP prototype implementation I tried out on a branch here. I'm unclear how to get the users id to populate the "whoami" field though. I posted a question in the mozilla.dev.apps.bugzilla forums. https://groups.google.com/forum/#!topic/mozilla.dev.apps.bugzilla/MMAs_SSF6ag |
|
Well, I got my answer back. Nothing exists yet, but a new REST API call is in development and ironically enough will be called |
https://bugzilla.mozilla.org/show_bug.cgi?id=1307003 Will appear in Bugzilla 6.0. |
|
I noticed today the bugzilla.mozilla.org site doesn't accept token auth. I tried logging in via our demo URL and got an error: "API key authentication is required." |
|
Well our server already has the API ability, and the way we implemented token, should be simple refactor. |
We currently use Bugzilla tokens for authentication, but there are a couple problems with them:
and we don't handle that well yet, but we couldThe best alternative looks like Bugzilla API Keys.
An API Key can be created through the Bugzilla user prefs page (API Keys tab) and then pasted into our app (instead of providing a user and password) and never expire until revoked.
http://bugzilla.readthedocs.org/en/latest/api/core/v1/general.html#authentication
The even slicker way of using API Keys is something called "authentication deligation". The user would click the Login button in our app, it would redirect them to a sign-in page on the Bugzilla instance and then return them back to our app when successfully authenticated. However we're unsure how to enable that
auth.cgipage in the example so for now this step seems a reach.http://bugzilla.readthedocs.org/en/latest/integrating/auth-delegation.html#auth-delegation
The text was updated successfully, but these errors were encountered: