You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@allura.apache.org by Dave Brondsema <da...@brondsema.net> on 2015/02/09 17:26:27 UTC
[allura:tickets] #7832 APIs to manage webhooks
---
** [tickets:#7832] APIs to manage webhooks**
**Status:** open
**Milestone:** unreleased
**Labels:** api
**Created:** Mon Feb 09, 2015 04:26 PM UTC by Dave Brondsema
**Last Updated:** Mon Feb 09, 2015 04:26 PM UTC
**Owner:** nobody
We should support APIs to manage webhooks so that 3rd-party sites can use oauth to configure a webhook on behalf of a user. This is a common practice to make it easier for the user.
---
Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
[allura:tickets] #7832 APIs to manage webhooks
Posted by Dave Brondsema <da...@brondsema.net>.
- **status**: review --> closed
---
** [tickets:#7832] APIs to manage webhooks**
**Status:** closed
**Milestone:** unreleased
**Labels:** sf-4 api 42cc sf-current
**Created:** Mon Feb 09, 2015 04:26 PM UTC by Dave Brondsema
**Last Updated:** Wed Feb 25, 2015 09:30 PM UTC
**Owner:** Igor Bondarenko
We should support APIs to manage webhooks so that 3rd-party sites can use oauth to configure a webhook on behalf of a user. This is a common practice to make it easier for the user.
---
Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
[allura:tickets] #7832 APIs to manage webhooks
Posted by Dave Brondsema <da...@brondsema.net>.
- **labels**: api --> api, sf-current, sf-4
---
** [tickets:#7832] APIs to manage webhooks**
**Status:** open
**Milestone:** unreleased
**Labels:** api sf-current sf-4
**Created:** Mon Feb 09, 2015 04:26 PM UTC by Dave Brondsema
**Last Updated:** Mon Feb 09, 2015 04:26 PM UTC
**Owner:** nobody
We should support APIs to manage webhooks so that 3rd-party sites can use oauth to configure a webhook on behalf of a user. This is a common practice to make it easier for the user.
---
Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
[allura:tickets] #7832 APIs to manage webhooks
Posted by Igor Bondarenko <je...@gmail.com>.
- **status**: in-progress --> review
- **Comment**:
Closed #731. `ib/7832`
**Endpoints description (need to add this to API docs wiki page):**
- list webhooks:
- `GET /rest/p/<project>/admin/<app>/webhooks`
- e.g. `/rest/p/test/admin/git/webhooks`
- view webhook:
- `GET /rest/p/<project>/admin/<app>/webhooks/<type>/<id>`
- e.g. `/rest/p/test/admin/git/webhooks/repo-push/54db231c04687d300e65db82`
- create a webhook:
- `POST /rest/p/<project>/admin/<app>/webhooks/<type>/`
- e.g. `/rest/p/test/admin/git/webhooks/repo-push`
- params: `url`
- edit a webhok:
- `POST /rest/p/<project>/admin/<app>/webhooks/<type>/<id>`
- e.g. `/rest/p/test/admin/git/webhooks/repo-push/54db231c04687d300e65db82`
- params: `url`, `secret` (each can be omitted if don't want to update)
- delete a webhook:
- `DELETE /rest/p/<project>/admin/<app>/webhooks/<type>/<id>`
- e.g. `/rest/p/test/admin/git/webhooks/repo-push/54db231c04687d300e65db82`
**Authentication:**
See [API auth docs](https://sourceforge.net/p/forge/documentation/Allura%20API/#authenticating-requests). Works with both bearer tokens and application flow. However, for HTTP methods such as `DELETE` you'll need to authorize with headers, rather than through request body parameters. I've added support of this to Allura (see `55c0748`). We should add this to [API auth docs](https://sourceforge.net/p/forge/documentation/Allura%20API/#authenticating-requests) when it lands.
- if you're using application flow you good to go (python oauth lib uses headers already)
- if you're using bearer tokens, pass it as header: `headers={'Authorization': 'OAuth BearerToken access_token=<your_token>'}`
Also, for sourceforge deployment apache is not configured to pass auth headers to wsgi app (at least on sandboxes), so you'll need to add `WSGIPassAuthorization On` to `allura-venv.conf`. Probably we need to update some docs for installing Allura somewhere?
**QA**
Apply [this change](https://github.com/simplegeo/python-oauth2/pull/97/files) to python-oauth2 to avoid certificat errors on sandbox.
---
** [tickets:#7832] APIs to manage webhooks**
**Status:** review
**Milestone:** unreleased
**Labels:** sf-4 api 42cc sf-current
**Created:** Mon Feb 09, 2015 04:26 PM UTC by Dave Brondsema
**Last Updated:** Mon Feb 23, 2015 01:02 PM UTC
**Owner:** Igor Bondarenko
We should support APIs to manage webhooks so that 3rd-party sites can use oauth to configure a webhook on behalf of a user. This is a common practice to make it easier for the user.
---
Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
[allura:tickets] #7832 APIs to manage webhooks
Posted by Igor Bondarenko <je...@gmail.com>.
- **status**: in-progress --> review
- **Comment**:
Closed #740. Force-pushed `ib/7832`
Also fixes [#7840]
---
** [tickets:#7832] APIs to manage webhooks**
**Status:** review
**Milestone:** unreleased
**Labels:** sf-4 api 42cc sf-current
**Created:** Mon Feb 09, 2015 04:26 PM UTC by Dave Brondsema
**Last Updated:** Tue Feb 24, 2015 11:09 PM UTC
**Owner:** Igor Bondarenko
We should support APIs to manage webhooks so that 3rd-party sites can use oauth to configure a webhook on behalf of a user. This is a common practice to make it easier for the user.
---
Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
[allura:tickets] #7832 APIs to manage webhooks
Posted by Dave Brondsema <da...@brondsema.net>.
- **labels**: sf-4, api, 42cc, sf-current --> sf-4, api, 42cc
---
** [tickets:#7832] APIs to manage webhooks**
**Status:** closed
**Milestone:** unreleased
**Labels:** sf-4 api 42cc
**Created:** Mon Feb 09, 2015 04:26 PM UTC by Dave Brondsema
**Last Updated:** Fri Feb 27, 2015 11:16 PM UTC
**Owner:** Igor Bondarenko
We should support APIs to manage webhooks so that 3rd-party sites can use oauth to configure a webhook on behalf of a user. This is a common practice to make it easier for the user.
---
Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
[allura:tickets] #7832 APIs to manage webhooks
Posted by Dave Brondsema <da...@brondsema.net>.
- **status**: review --> in-progress
- **Reviewer**: Dave Brondsema
- **Comment**:
An API response of `"status": "ok"` and nested `"webhook"` dict seems weird, particularly when doing a GET. How about un-nesting the webhook details? The 200 or 201 status code is sufficient to represent the status I think.
Oauth parameters can be passed as a URL param so for DELETE You can do ?access_token=foo and don't have to use an `Authorization:` header.
That said, adding support for header-based oauth bearer tokens is nice. A few things on that:
* There actually is a spec for it. So the `Authorization:` header value should start with just "Bearer " per https://tools.ietf.org/html/rfc6750#section-2.1 I.e. the `bearer_token_prefix` variable.
* You have some `log.error` lines left in `RestController._authenticate_request` and `OAuthNegotiator._authenticate`
* This should be a separate ticket or at least update the title of this ticket so we remember to point it out when we make a changelog in the next release.
---
** [tickets:#7832] APIs to manage webhooks**
**Status:** in-progress
**Milestone:** unreleased
**Labels:** sf-4 api 42cc sf-current
**Created:** Mon Feb 09, 2015 04:26 PM UTC by Dave Brondsema
**Last Updated:** Mon Feb 23, 2015 01:31 PM UTC
**Owner:** Igor Bondarenko
We should support APIs to manage webhooks so that 3rd-party sites can use oauth to configure a webhook on behalf of a user. This is a common practice to make it easier for the user.
---
Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
[allura:tickets] Re: #7832 APIs to manage webhooks
Posted by Igor Bondarenko <je...@gmail.com>.
Good points. Created [#7840] for header auth stuff.
---
** [tickets:#7832] APIs to manage webhooks**
**Status:** in-progress
**Milestone:** unreleased
**Labels:** sf-4 api 42cc sf-current
**Created:** Mon Feb 09, 2015 04:26 PM UTC by Dave Brondsema
**Last Updated:** Tue Feb 24, 2015 11:09 PM UTC
**Owner:** Igor Bondarenko
We should support APIs to manage webhooks so that 3rd-party sites can use oauth to configure a webhook on behalf of a user. This is a common practice to make it easier for the user.
---
Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.