On 2/1/22 7:37 AM, Fabio Valentini wrote: > On Tue, Feb 1, 2022 at 12:37 PM Miro Hrončok <mhroncok@xxxxxxxxxx> wrote: >> >> -------- Forwarded Message -------- >> Subject: [Bugzilla-announce-list] Action Required: Bugzilla - API >> Authentication changes >> Date: Tue, 1 Feb 2022 12:28:13 +1000 >> From: Jeff Fearn <jfearn@xxxxxxxxxx> >> To: bugzilla-announce-list@xxxxxxxxxx >> >> Tl;dr From Monday 28th February, applications making API calls to Bugzilla may >> no longer authenticate using passwords or supplying API keys in call >> parameters. Instead, API keys must be supplied in the Authorization header. >> >> Support for using the Authorization header has been deployed to all Red Hat >> Bugzilla instances. You can change your code at any time and not have to wait >> for the old methods to be disabled. >> >> We will require all authenticated API usage to use this new method; this will >> break API access to Red Hat Bugzilla for any tools that don't use the >> Authorization header [1]. >> >> If you are not certain your tooling authenticates using this header then you >> need to take action to confirm it does and to modify your tooling to use it if >> it doesn't. >> >> This new method does away with logging in and out of the API and uses API_KEYs >> in a standard Authorization header. This header needs to be sent with every >> call to the API. >> >> The old methods will be disabled on a rolling basis across the RHBZ servers. >> >> Target Dates: >> >> https://bugzilla.stage.redhat.com - Mon 07th Feb 00:00 UTC >> https://bugzilla.redhat.com - Mon 28th Feb 00:00 UTC >> >> IMPORTANT >> >> If you attempt to use an old method to authenticate to the API after this >> change has been made, the API_KEY or password supplied will be treated as >> potentially compromised and invalidated immediately. If you supplied your >> password then you will need to follow the forgot password process to reset it. >> If you supplied an API_KEY it will have been banned and you will need to >> generate a new API_KEY in the UI. >> >> This invalidation will happen every time an attempt to use an outdated >> authentication method is detected. >> >> If you are using python-bugzilla you need to upgrade to version 3.2.0 which >> will automatically use the new method of authentication. >> >> If you are using other tools you will need to look into how they work and see >> how to adjust them to use the Authorization header instead of the other parameters. >> >> If you need assistance understanding how to update your applications, please >> reach out to us by the following means. >> >> - If you have an active subscription via https://access.redhat.com/support/ >> >> - If you are a Red Hat Partner then please contact your partner representative >> >> - Or email us at bugzilla-owner@xxxxxxxxxx >> >> The Red Hat Bugzilla Team. > > Hi Miro, > > Thanks for forwarding this announcement. > Apparently the talk about "improving communication between RHBZ and > the Fedora Project" has not born fruit yet. ;) > RHBZ devs contacted me twice about this change: once in the fall, which is when I added support to python-bugzilla git, and once in January requesting I push a release. crobinso + python-bugzilla != fedora, but there was some proactive communication Thanks, Cole _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
