chore(report): REST APIs week 2 report #214

Merged
merged 1 commit into from
Jun 19, 2024
51 changes: 51 additions & 0 deletions docs/2024/rest/updates/2024-06-06.md
@@ -0,0 +1,51 @@
---
title: Week 2
author: Divij Sharma
tags: [gsoc24, rest]
---
<!--
SPDX-License-Identifier: CC-BY-SA-4.0

SPDX-FileCopyrightText: 2024 Divij Sharma <divijs75@gmail.com>
-->

# Week 2 meeting and activities

*(June 6,2024)*

## Attendees:

- [Divij Sharma](https://github.com/dvjsharma)
- [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd)
- [Valens Niyonsenga](https://github.com/valens200)

## Discussion:

- No major updates since the last meeting.
- Discussed the improvements that can be made in the REST API Version 2.
- Discussed the implementation of OAuth 2.0 in the project.

## Activities:

- **OAuth 2.0**
- Researched OAuth 2.0 and its application on production servers. Found the [Auth0 article](https://auth0.com/intro-to-iam/what-is-oauth-2) particularly helpful. Studied various architectural patterns for different flows to determine the best fit for our project.
- Prepared a draft outlining the implementation details, focusing on two scenarios:

- **For the API**:
- Create an endpoint to add new clients, accepting `name`, `clientId`, and `scope`.
- Another endpoint to configure FOSSology, accepting `appName`, `clientId`, `clientSecret`, `clientClaim`, `redirectUri`, and `discoveryUri`. The `discoveryUri` will be used to fetch other required endpoints.
- Once these steps are completed, FOSSology will be configured to use OAuth 2.0. Users can obtain a token from their authorization server to access the FOSSology API.

- **For the Web Application**:
- Implement the Authorization Code Grant flow for the frontend. This requires a login page where users can log in and receive a code, which can be exchanged for a token to access the FOSSology API.
- Researched libraries to implement this flow on the frontend.
- On the server side, implement a mechanism to verify user credentials received from the server and issue a token to the user.

- **REST API Version 2**
- Reviewed the code and identified areas for improvement.
- Found the following things which we can look into:
- Status Codes: Particularly 204 (no content)
- Adding pagination to all necessary endpoints
- Using model classes for all major/minor responses
- Test coverage
- Authentication workflow
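
Review bot: In the "For the Web Application" item, the line "On the server side, implement a mechanism to verify user credentials received from the server" does not say which party sends the credentials or what is being verified. If it means validating the code or token returned by the authorization server, say so explicitly, since that decides whether FOSSology ever handles user passwords. The Authorization Code Grant bullet in the same item should state whether the frontend is treated as a public client and, if so, that PKCE and a `state` check are part of the flow. In the "For the API" item, the configuration endpoint accepts `clientSecret`, but the draft does not say who is allowed to call that endpoint or how the secret is stored; one line on each would make the draft reviewable. Minor style point: "June 6,2024" is missing a space after the comma.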