tfgrid/circle_engineering
22
0
Fork 0
Code Issues 61 Pull Requests Packages Projects 1 Releases Wiki Activity

Single Sign On Research for our future Web Apps #1

New Issue
Open
opened 2024-03-05 03:08:48 +00:00 by despiegk · 6 comments
despiegk commented 2024-03-05 03:08:48 +00:00
Owner
Copy Link

see how to best do SSO for our apps

deliverables

  • check how we can do oauth with https://git.ourworld.tf/org/tfgrid/settings/applications
    • build python web app to demonstrate principle
    • login into the web app login through a git.ourworld.tf account
    • demonstrate how the web app knows which user it is and where the profile of the user is on the git...
    • demonstrate how to call api from gitea using account of user to e.g. see open issues
    • see story in hero_server repo
  • https://civic.me/ might be our identity provider for tfgrid 4.0 because integration with Solana
    • show how someone can login into a python powered web app with civic (Solana phantom wallet)
    • demonstrate how the server knows which user it is and which verification level, as well as profile info on civic
    • see how this can be used to do SSO on gitea (git.ourworld.tf) and how we can use this to register on the gitea
  • integration with Solana
    • show how from a html/js page we can use solana phantom wallet to sign a string
    • show example how we use redis as backend to remember the user so that e.g. a flet or vweb app can use this login info (use a jwt)
    • show how to verify that the signature belongs to a certain user and link back to civic and check validity
    • show how we can see account which belongs to the logged in phantom wallet
  • KYC
    • chose KYC provider, chekc sabrina
    • make example webpage to demonstrate how it works

requirements

links

see how to best do SSO for our apps ## deliverables - [x] check how we can do oauth with https://git.ourworld.tf/org/tfgrid/settings/applications - [ ] build python web app to demonstrate principle - [x] login into the web app login through a git.ourworld.tf account - [ ] demonstrate how the web app knows which user it is and where the profile of the user is on the git... - [ ] demonstrate how to call api from gitea using account of user to e.g. see open issues - see story in hero_server repo - [ ] https://civic.me/ might be our identity provider for tfgrid 4.0 because integration with Solana - [ ] show how someone can login into a python powered web app with civic (Solana phantom wallet) - [ ] demonstrate how the server knows which user it is and which verification level, as well as profile info on civic - [ ] see how this can be used to do SSO on gitea (git.ourworld.tf) and how we can use this to register on the gitea - [ ] integration with Solana - [ ] show how from a html/js page we can use solana phantom wallet to sign a string - [ ] show example how we use redis as backend to remember the user so that e.g. a flet or vweb app can use this login info (use a jwt) - [ ] show how to verify that the signature belongs to a certain user and link back to civic and check validity - [ ] show how we can see account which belongs to the logged in phantom wallet - [ ] KYC - [ ] chose KYC provider, chekc sabrina - [ ] make example webpage to demonstrate how it works ## requirements - [ ] well documented so all can be repeated - [ ] do POC on https://git.ourworld.tf/projectmycelium/hero_server ## links - https://git.ourworld.tf/projectmycelium/hero_server/issues/5
despiegk added the
Story
 label 2024-03-05 03:08:48 +00:00
despiegk added this to the (deleted) project 2024-03-05 03:08:48 +00:00
despiegk added the
Urgent
 label 2024-03-05 03:50:49 +00:00
despiegk changed title from Single Sign On Research in Relation to Solana to Single Sign On Research for our future Web Apps 2024-06-02 05:01:24 +00:00
despiegk added this to the tfgrid_3_14 project 2024-06-02 05:01:31 +00:00
despiegk modified the project from tfgrid_3_14 to go2market 2024-06-02 05:01:38 +00:00
despiegk removed the
Urgent
 label 2024-07-07 04:54:24 +00:00
despiegk commented 2024-07-07 04:54:50 +00:00
Author
Owner
Copy Link

lets first focus on the parts in python and gitea see
projectmycelium/hero_server#5

lets first focus on the parts in python and gitea see https://git.ourworld.tf/projectmycelium/hero_server/issues/5
despiegk added this to the later milestone 2024-07-07 04:54:57 +00:00
despiegk modified the project from go2market to tfgrid_3_17 2024-07-28 06:55:02 +00:00
despiegk commented 2024-07-28 07:12:52 +00:00
Author
Owner
Copy Link

TO FIX (see further comments, suggest to wait till we know more about caddy approach)

we should agree on which webserver we will use in python

  • https://github.com/sparckles/Robyn seems to be quite interesting
    • can we get tabella to work on it?
    • can we get our oauth to work on it
    • if not this one which one is best, we want to replace our caddy with this one, because we need one per hero and we need python anyhow, we want to run all in 1 process !!! for memory conservation
    • requirements
      • letsencrypt (can be as add on)
      • all runs on 1 process we can use JQ if we need jobs to be run async, will start the JQ agents dynamically in future as needed from the webserver
      • serve static files e.g. our mdbook files
      • do authentication on the static directories
      • have openrpc interface (tabella)
      • openrpc is based on https://python-openrpc.burkard.cloud/ which is also base of 'tabella'

remark about PIP

# TO FIX (see further comments, suggest to wait till we know more about caddy approach) we should agree on which webserver we will use in python - https://github.com/sparckles/Robyn seems to be quite interesting - can we get tabella to work on it? - can we get our oauth to work on it - if not this one which one is best, we want to replace our caddy with this one, because we need one per hero and we need python anyhow, we want to run all in 1 process !!! for memory conservation - requirements - letsencrypt (can be as add on) - all runs on 1 process we can use JQ if we need jobs to be run async, will start the JQ agents dynamically in future as needed from the webserver - serve static files e.g. our mdbook files - do authentication on the static directories - have openrpc interface (tabella) - openrpc is based on https://python-openrpc.burkard.cloud/ which is also base of 'tabella' remark about PIP - please use the way how we use pip in our hero team, don't do your own - see https://git.ourworld.tf/projectmycelium/hero_server readme.md how to use
despiegk removed this from the later milestone 2024-07-28 07:13:48 +00:00
despiegk commented 2024-07-28 07:14:31 +00:00
Author
Owner
Copy Link

there is still a lot missing on this story

  • KYC, see Sabrina which one to use, was an easy one, tell kristof, lets get account in TF DMCC and TFTech
there is still a lot missing on this story - KYC, see Sabrina which one to use, was an easy one, tell kristof, lets get account in TF DMCC and TFTech
despiegk self-assigned this 2024-07-28 07:19:21 +00:00
thabeta was assigned by despiegk 2024-07-28 07:19:22 +00:00
despiegk added a new dependency 2024-07-28 08:38:37 +00:00
#77 Gitea templates & rebranding
despiegk commented 2024-07-29 06:04:13 +00:00
Author
Owner
Copy Link

have been experimenting with Robyn yesterday,
is too early

then started playing with extending Caddy, this might be a better solution, suggest to pause the effort on python oauth, we have a version which works so we can try with caddy plugins, some seem to be very cool,

i'll feed back on it

see https://incubaid.zulipchat.com/#narrow/stream/447447-dev_hero/topic/web.20framework to discuss

have been experimenting with Robyn yesterday, is too early then started playing with extending Caddy, this might be a better solution, suggest to pause the effort on python oauth, we have a version which works so we can try with caddy plugins, some seem to be very cool, i'll feed back on it see https://incubaid.zulipchat.com/#narrow/stream/447447-dev_hero/topic/web.20framework to discuss
sabrinasadik commented 2024-07-29 12:31:04 +00:00
Owner
Copy Link

there is still a lot missing on this story

  • KYC, see Sabrina which one to use, was an easy one, tell kristof, lets get account in TF DMCC and TFTech

See overview of KYC providers here: https://docs.google.com/spreadsheets/d/1QfKYvNVvONoC6PhlVB-3nnu_NHfC6BdPfvL81Ywq5iM/edit?gid=0#gid=0

We decided Idenfy was the best option for us. Do you want me to go ahead and create accounts for TF DMCC and TFTech with them?

> there is still a lot missing on this story > > - KYC, see Sabrina which one to use, was an easy one, tell kristof, lets get account in TF DMCC and TFTech See overview of KYC providers here: https://docs.google.com/spreadsheets/d/1QfKYvNVvONoC6PhlVB-3nnu_NHfC6BdPfvL81Ywq5iM/edit?gid=0#gid=0 We decided Idenfy was the best option for us. Do you want me to go ahead and create accounts for TF DMCC and TFTech with them?
thabeta removed their assignment 2024-08-01 11:52:16 +00:00
thabeta commented 2024-08-01 11:52:38 +00:00
Member
Copy Link

no capacity for me to look into this one

no capacity for me to look into this one
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
  
Issue

   
Question

   
Roadmap

   
Story

   
Task

   
Urgent
No Label
Issue
Question
Roadmap
Story
Task
Urgent
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
tfgrid_3_17
Assignees
Clear assignees
No Assignees
despiegk
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Depends on
#77 Gitea templates & rebranding
tfgrid/circle_engineering
Reference: tfgrid/circle_engineering#1
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?