|
| 1 | +--- |
| 2 | +title: Week 2 |
| 3 | +author: Divij Sharma |
| 4 | +tags: [gsoc24, rest] |
| 5 | +--- |
| 6 | +<!-- |
| 7 | +SPDX-License-Identifier: CC-BY-SA-4.0 |
| 8 | +
|
| 9 | +SPDX-FileCopyrightText: 2024 Divij Sharma <divijs75@gmail.com> |
| 10 | +--> |
| 11 | + |
| 12 | +# Week 2 meeting and activities |
| 13 | + |
| 14 | +*(June 6,2024)* |
| 15 | + |
| 16 | +## Attendees: |
| 17 | + |
| 18 | +- [Divij Sharma](https://github.com/dvjsharma) |
| 19 | +- [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd) |
| 20 | +- [Valens Niyonsenga](https://github.com/valens200) |
| 21 | + |
| 22 | +## Discussion: |
| 23 | + |
| 24 | + - No major updates since the last meeting. |
| 25 | + - Discussed the improvements that can be made in the REST API Version 2. |
| 26 | + - Discussed the implementation of OAuth 2.0 in the project. |
| 27 | + |
| 28 | +## Activities: |
| 29 | + |
| 30 | +- **OAuth 2.0** |
| 31 | + - Researched OAuth 2.0 and its application on production servers. Found the [Auth0 article](https://auth0.com/intro-to-iam/what-is-oauth-2) particularly helpful. Studied various architectural patterns for different flows to determine the best fit for our project. |
| 32 | + - Prepared a draft outlining the implementation details, focusing on two scenarios: |
| 33 | + |
| 34 | + - **For the API**: |
| 35 | + - Create an endpoint to add new clients, accepting `name`, `clientId`, and `scope`. |
| 36 | + - Another endpoint to configure FOSSology, accepting `appName`, `clientId`, `clientSecret`, `clientClaim`, `redirectUri`, and `discoveryUri`. The `discoveryUri` will be used to fetch other required endpoints. |
| 37 | + - Once these steps are completed, FOSSology will be configured to use OAuth 2.0. Users can obtain a token from their authorization server to access the FOSSology API. |
| 38 | + |
| 39 | + - **For the Web Application**: |
| 40 | + - Implement the Authorization Code Grant flow for the frontend. This requires a login page where users can log in and receive a code, which can be exchanged for a token to access the FOSSology API. |
| 41 | + - Researched libraries to implement this flow on the frontend. |
| 42 | + - On the server side, implement a mechanism to verify user credentials received from the server and issue a token to the user. |
| 43 | + |
| 44 | +- **REST API Version 2** |
| 45 | + - Reviewed the code and identified areas for improvement. |
| 46 | + - Found the following things which we can look into: |
| 47 | + - Status Codes: Particularly 204 (no content) |
| 48 | + - Adding pagination to all necessary endpoints |
| 49 | + - Using model classes for all major/minor responses |
| 50 | + - Test coverage |
| 51 | + - Authentication workflow |
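Review bot: line 42 of the new file says the server will "verify user credentials received from the server", which does not say which party sends what. In the Authorization Code Grant described on line 40, the backend would normally receive the authorization code or the resulting token, not user credentials, so please reword the sentence to name the sender and the artifact being verified. On line 36 the configuration endpoint accepts `clientSecret` and a `discoveryUri` that FOSSology will fetch, but the draft does not say who may call it. Please state that it is restricted to administrators and that `discoveryUri` must be an https URL, and add the same access note to the client-registration endpoint on line 35. Minor: "June 6,2024" on line 14 is missing a space after the comma, and the Discussion bullets on lines 24-26 carry a leading space that the other lists do not.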