Flask-oidc

Purpose

Flask-oidc is a library used across the Fedora infrastructure. For its authentication it the oauth2client library is used. This is now deprecated and no longer maintained. This will need to be replaced.

Resources

• Flask-oidc code: https://github.com/puiterwijk/flask-oidc

• Bodhi implementation: https://github.com/fedora-infra/bodhi/tree/develop/bodhi-server/bodhi/server/auth

• Authlib docs: https://docs.authlib.org/en/latest/basic/index.html

Investigation

Here is the list of ideas/things we discussed/looked at:

• Oauthlib vs Authlib
• Authlib

Conclusions

Authlib is the new industry standard and looks to be a suitable replacement for oauth2client. The flask-oidc code would need to be rewritten to replace all the oauth2client code.

The flow of the code would need to be adjusted to work with the new library. Google-auth and authlib were looked at for this investigation and it was suggested that authlib looks a better replacemnt.

Proposed Roadmap

1. Find all instances of ouath2client code in the current flask-oidc code

2. Map the functionality of this code and what will be needed from the new library

3. Write the flow to replicate this functionality using the new library

4. Cut a new release using the updated code

5. (Optional) Update all appps in the Fedora infra which require this module