What is Open Authentication (OAuth) briefly?
OAuth is a protocol that enables users to grant access permissions to third party applications to access their resources on a given server(s) without having to provide their credentials (username/password) to that application.
Consumer/Client = application = jic in our case
Resource Owner = user = Linaro employees
Service provider = server = Linaro instance(s) of JIRA
In order to setup OAuth for jic we have to perfrom an "OAuth dance", in which the above mentioned love triangle go throw specific steps to perform the grant of the access token to jic.
What is OAuth dance?
An OAuth dance is the performing of the procedure necessary to complete the granting of an access token to the application to access the user resources on the server and it comprises of the following three steps respectively:
- This is the first step where the application (jic) will ask the JIRA server to grant him access to a Linaro employee resources. The JIRA server will issue a temporary token to the application to be used in the next step.
- Here the server will open in the user browser an authorization dialogue asking the user to Allow or Deny jic to access the user resources on JIRA.
Access Token Grant
- After user agrees to allowing jic to access JIRA in the browser, the JIRA server will exchange the temporary token mentioned in the first Request step with a permanent access token that jic can use.
Recommended setup of jic
As of the time of writing this wiki, there is a bug in newer versions of tlslite specifically versions >=0.4.4 which will cause the OAuth dance to fail. Therefore it is recommended to install version 0.4.3 or older for OAuth dance to complete successfully with jic. BUT, if you issue a pip list command in your terminal you may see newer version of tlslite that is currently used by some other applications you use. So we highly recommend using virtualenv specific to jic in which we will install jic's specific dependencies. The easiest way to use virtualenv is to install virtualenvwrapper to make our lives much easier when we come to use jic or ther applications. The recommended optimum method is to have a virtualenv for every application we use in order to avoid polluting our global system python installation. With virtualenvwrapper, all we need to do is to issue workon [env-name] command to switch to any virtual environment specific to a given application. Once done we issue deactivate and we are back to our system python. To setup jic properly and cleanly, type in your command line:
sudo pip install virtualenv
sudo pip install virtualenvwrapper
This will create and activate virutal environment exclusive to jic where we can install jic dependencies and the specific version of tlslite required for the jic OAuth dance.
Once we are done using jic, we simply type deactivate to go back to our original system python environment. To work on jic again we simply issue workon <chosen-jic-env-name> to activate jic's environment.
NOTE: It is best to create and use virtualenv specific to every python application/tool we use in order to keep our system clean and isolated from specifics of each tool required installations.
Performing the OAuth dance
Once we have installed jic dependencies, and upon first run of the script, it should create a ".jic" directory in user home directory. To perform OAuth dance between jic and 'https://email@example.com', nicknamed as 'my_staging' for example :
Copy the config file that comes with jic into ".jic" directory under your home directory.
type jic servers add my_staging url:https://firstname.lastname@example.org user:email@example.com
type jic servers dance my_staging jic.pem
- you should see this in your browser
- you should see this in your browser
After you click allow, you should see this in your terminal
type 'y' and you are done and now you can use jic without credentials.
Process/how to set up open authentication for jic (last modified 2014-11-03 22:54:49)