Hey Ondrej!
On Wed, Mar 16, 2022 at 12:50 AM Ondrej Nosek <onosek@xxxxxxxxxx> wrote:
> I don't have expertise in Irish holidays (I know there is one on this Thursday), so I don't know how much time I have.
This was my attempt at a joke: I was suggesting the worst possible moment, when everybody is on holiday. Yeah, the only thing worse than a bad joke is a bad joke that has been explained.
> I am a developer of fedpkg and as I understand it - it needs to be
modified, right? Fedpkg depends on bodhi-client.
I see that you're importing from bodhi.client and using the BodhiClient class, so yeah changes are definitely needed. I'll try to send you a PR.
Do you know why you needed to use the bodhi subclass instead of just calling the CLI? If the bodhi client incorporated the changes you've made in the subclass, would it be enough for you, or do you see changes that are really fedpkg-specific? If so, we could add command-line switches if necessary.
> I missed this request so, I haven't planned this yet.
You should have time, if you update to the latest bodhi-client (5.7.5). This version will be compatible with the updated server as it will know to request openid authentication specifically.
But switching to OIDC is of course preferrable.
> Fedpkg already uses openidc authentication for some modules, so
this is not something completely new.
Ah, that's interesting. I see that you're using the oidc-client library that Patrick wrote.
> On the other way, I personally run
fedpkg and similar tools in docker/podman container (without GUI). The
reason is testing on different environments. Otherwise, my laptop would
be messed with numerous libraries over time. But I read about the
possible feature, that would allow input of the "token" (generated in
the web browser). This could make usage more practical for me.
Yes, I'm not using Patrick's library in Bodhi, because we wanted to focus on using Authlib which does all the OIDC-specific heavy lifting for us. In bodhi-client I have written a generic OIDC client class based on Authlib that could be reused by OIDC clients of other applications. I haven't splitted it off Bodhi yet because I didn't know if other projects would be interested, but it could certainly be done. This class is able to do Out Of Band authentication (coming soon to Ipsilon!), which helps when running the client on a different machine/VM/container than where the browser is running, as you understood right.
If you want to try and use it, it's currently in Bodhi's source, but I would suggest you wait until we split it off Bodhi to officially use it, so you don't have to change your imports later. You can totally prototype with it in the meantime however.
> What is the major version number you are talking about?
The client version that everybody should run at the moment is 5.7.5, as it will be compatible with the updated server when we deploy it. The next major release will be 6.0.0.
I hope this helps, and if you have any questions please feel free to ask me.
Aurélien
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
