ARCH-603: Retrieve and map user_id scope. #59
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nasthagiri
reviewed
Mar 26, 2019
auth_backends/backends.py
Outdated
| # - See https://github.com/edx/edx-platform/blob/1dd1d25bc44cff99cec849ff4695bb1dc92ddac1/lms/djangoapps/oauth2_handler/handlers.py#L57 | ||
| # 2. Should this 'user_tracking_id' be removed if it is overwritten in EdXOpenIdConnect? | ||
| # 3. Even if 'user_tracking_id' is sent, who uses it? Maybe edx-analytics-dashboard? | ||
| 'user_tracking_id': 'user_tracking_id', |
There was a problem hiding this comment.
This field is set only with OpenID Connect. So you can remove it from here. (Already exists in EdXOpenIdConnect.)
robrap
commented
Mar 27, 2019
Contributor
Author
robrap
left a comment
robrap
left a comment
There was a problem hiding this comment.
@nasthagiri @douglashall: This is ready for full review.
| """ | ||
| Ensure that `user_id` stays in EXTRA_DATA. | ||
| """ | ||
| self.assertEqual(self.backend.EXTRA_DATA, [('user_id', 'user_id', True)]) |
Contributor
Author
There was a problem hiding this comment.
FYI: I didn't want to do an integration test, and I want to ensure this doesn't get lost, so I added a silly simple test.
robrap
changed the title
douglashall
reviewed
Mar 28, 2019
|
|
||
| DEFAULT_SCOPE = ['user_id', 'profile', 'email'] | ||
| discard_missing_values = True | ||
| EXTRA_DATA = [('user_id', 'user_id', discard_missing_values)] |
Contributor
There was a problem hiding this comment.
How is EXTRA_DATA used?
Contributor
Author
There was a problem hiding this comment.
@douglashall: I added the comment above to address your question. I also adjusted the commit comment, which you are welcome to review.
douglashall
approved these changes
Mar 28, 2019
BREAKING CHANGE: The user_id scope is now required when using the EdXOAuth2 backend for oAuth+SSO. This means that the oauth application must first be configured to have access to the user_id scope, which is not available by default. The backend will then pull the user_id from the JWT and store it in the UserSocialAuth.extra_data field. ARCH-603
robrap
force-pushed
the
robrap/ARCH-603-ecommerce-analytics
branch
from
99d9e60 to
f955e55
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This library update will be needed by ecommerce in order to get the lms user_id passed through appropriately.
IMPORTANT: This change requires https://github.com/edx/edx-platform/pull/20057 to land before we upgrade services, otherwise edx-platform will send invalid_scope errors.
Additionally, oauth applications are required to have access to the
user_idscope in order for this not to break oAuth+SSO flow. There is some follow-up work to ensure this is done for the apps using this flow (ecommerce, credentials, registrar).ARCH-603