Jump to content

User talk:Taavi/EnhancementProposals/Toolforge API authentication decoupling MVP

From Wikitech

Is a new service needed?

Latest comment: 7 months ago1 comment1 person in discussion

The api-gateway (https://gitlab.wikimedia.org/repos/cloud/toolforge/api-gateway) already implements the <code>/auth</code> endpoint, isn't that what is being described here? (that currently authenticates using certs, but could be easily extended to do anything else)

Among others, that will simplify the need to get a new name xd (naming is hard) DCaro (WMF) (talk) 08:20, 20 May 2025 (UTC)Reply

Using idp as backend for both striker and api

Latest comment: 7 months ago1 comment1 person in discussion

If we use the idp.w.c, then we can authenticate separatedly between striker/toolforge ui and the API, as in, reusing the standard SSO flows to get users authenticated on both sides, avoiding the need for (our own) centralized auth service right?

There's some of those flows also being looked into here https://phabricator.wikimedia.org/T363983 DCaro (WMF) (talk) 08:23, 20 May 2025 (UTC)Reply

Retrieved from "https://wikitech.wikimedia.org/w/index.php?title=User_talk:Taavi/EnhancementProposals/Toolforge_API_authentication_decoupling_MVP&oldid=2303154"