-
Notifications
You must be signed in to change notification settings - Fork 102
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication roadmap #1368
Comments
@lmignon @hparfr @sebastienbeau things are taking shape on the authentication front following our recent discussions in Valencia. cc/ @simahawk @acsonefho @xavier-bouquiaux @Cedric-Pigeon @marielejeune @AnizR This is the simplest I can imagine so far... and it's still too complex to my taste, but that's probably the price to pay to deploy those API in Odoo, ability to extend these API, have auth configuration per database, and compatibility between base_rest and fastapi services. Suggestions welcome. If you want to do a call to discuss with higher bandwidth, let me know. |
Thanks for opening this issue to track all the work. |
IMO it should. But it could be the result of the additional layer introduced by shopinvader on top of
🤔 🤔 🤔 The |
@lmignon my understanding is that shopinvader.partner is only used to find the res.partner for a given site. But once we have found the res.partner, it is the one we use. If correct it means that we don't need a shopinvader.partner for anonymous partners. A given anonymous partner could have access to different sites, that should not be a problem. So maybe the issue is not so big after all. |
Everything is backported to 14. Juste one test CI issue to resolve in #1378. |
Ok, everthing works. I think the last bit missing is to integrate the cookie mode with base_rest_auth_jwt. |
Actually since the cookie mode is implemented in So unless some To unlock the merge chain, a second review in OCA/server-auth#531 is needed. |
This issue is consolidating the efforts around shopinvader frontend partner authentication, in
base_rest
andfastapi
services, and with the new cookie-based anonymous partner concept discussed in Valencia.auth_jwt
auth_jwt
,auth_public_or_jwt
)request.jwt_partner_id
auth_jwt
andauth_jwt_demo
improvements from 16.0 OCA/server-auth#531base_rest_auth_jwt
base_rest
fastapi_auth_jwt
fastapi
withauth_jwt
auth_jwt
validators and obtain the authenticated partnershopinvader_anonymous_partner
shopinvader_auth_jwt
auth_jwt
and shopinvader/shopinvader_jwt
endpointbase_rest_auth_jwt
? => because ofshopinvader.partner
, but...shopinvader_anonymous_partner
and return the anonymous partner if there is one?shopinvader_fastapi_auth_jwt
authenticated_partner
FastAPI dependency that returns either the authenticated partner fromfastapi_auth_jwt
if the request is authenticated, or the anonymous partner fromshopinvader_anonymous_partner
, or raise a 401 is both failed. The idea here is that an anonymous partner obtains the same access as a regular partner (i.e. see own records - cart, SO, invoices, etc).The text was updated successfully, but these errors were encountered: