Summary

Release Note

lava-tool supports making authenticated calls to servers that use linaro-django-xmlrpc for their API support.

Rationale

User stories

See https://wiki.linaro.org/Platform/Validation/Specs/XMLRPCAuthenticationTokens#User%20Stories

Assumptions

OAuth is too complicated. We use TLS (i.e. https).

Design

The way we envision this working is to use the facilities described in https://wiki.linaro.org/Platform/Validation/Specs/XMLRPCAuthenticationTokens to generate a token (which will be a 30-ish character ascii string). Once the token has been obtained it can be given to lava-tool:

$ lava-tool auth-add https://validation.linaro.org Paste token:

This will check that the token works and store it in the keying (using python-keyring). Then any api call to and endpoint on the given site (here https://validation.linaro.org) will include the token along with the request.

There will also be auth-list and auth-remove commands for manipulating the set of stored tokens.

Implementation

The auth-* commands are all pretty simple really. Wanting to support auth-list means that we'll store the tokens in a json or similar dict in a single key in the keyring.

We'll also provide a subclass of ServerProxy that uses the tokens for auth.

Unresolved issues

This should highlight any issues that should be addressed in further specifications, and not problems with the specification itself; since any specification with problems cannot be approved.

BoF agenda and discussion

Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.


CategorySpec CategoryTemplate

Platform/Validation/Specs/ClientSideAuthenticationTokens (last modified 2011-05-20 03:41:27)