You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@allura.apache.org by Dave Brondsema <da...@brondsema.net> on 2015/02/09 17:26:27 UTC

[allura:tickets] #7832 APIs to manage webhooks



---

** [tickets:#7832] APIs to manage webhooks**

**Status:** open
**Milestone:** unreleased
**Labels:** api 
**Created:** Mon Feb 09, 2015 04:26 PM UTC by Dave Brondsema
**Last Updated:** Mon Feb 09, 2015 04:26 PM UTC
**Owner:** nobody

We should support APIs to manage webhooks so that 3rd-party sites can use oauth to configure a webhook on behalf of a user.  This is a common practice to make it easier for the user.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #7832 APIs to manage webhooks

Posted by Dave Brondsema <da...@brondsema.net>.

- **status**: review --> closed



---

** [tickets:#7832] APIs to manage webhooks**

**Status:** closed
**Milestone:** unreleased
**Labels:** sf-4 api 42cc sf-current 
**Created:** Mon Feb 09, 2015 04:26 PM UTC by Dave Brondsema
**Last Updated:** Wed Feb 25, 2015 09:30 PM UTC
**Owner:** Igor Bondarenko

We should support APIs to manage webhooks so that 3rd-party sites can use oauth to configure a webhook on behalf of a user.  This is a common practice to make it easier for the user.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #7832 APIs to manage webhooks

Posted by Dave Brondsema <da...@brondsema.net>.

- **labels**: api --> api, sf-current, sf-4



---

** [tickets:#7832] APIs to manage webhooks**

**Status:** open
**Milestone:** unreleased
**Labels:** api sf-current sf-4 
**Created:** Mon Feb 09, 2015 04:26 PM UTC by Dave Brondsema
**Last Updated:** Mon Feb 09, 2015 04:26 PM UTC
**Owner:** nobody

We should support APIs to manage webhooks so that 3rd-party sites can use oauth to configure a webhook on behalf of a user.  This is a common practice to make it easier for the user.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #7832 APIs to manage webhooks

Posted by Igor Bondarenko <je...@gmail.com>.

- **status**: in-progress --> review
- **Comment**:

Closed #731. `ib/7832`

**Endpoints description (need to add this to API docs wiki page):**

- list webhooks:
    - `GET /rest/p/<project>/admin/<app>/webhooks`
    - e.g. `/rest/p/test/admin/git/webhooks`
- view webhook:
    - `GET /rest/p/<project>/admin/<app>/webhooks/<type>/<id>`
    - e.g. `/rest/p/test/admin/git/webhooks/repo-push/54db231c04687d300e65db82`
- create a webhook:
    - `POST /rest/p/<project>/admin/<app>/webhooks/<type>/`
    - e.g. `/rest/p/test/admin/git/webhooks/repo-push`
    - params: `url`
- edit a webhok:
    - `POST /rest/p/<project>/admin/<app>/webhooks/<type>/<id>`
    - e.g. `/rest/p/test/admin/git/webhooks/repo-push/54db231c04687d300e65db82`
    - params: `url`, `secret` (each can be omitted if don't want to update)
- delete a webhook:
    - `DELETE /rest/p/<project>/admin/<app>/webhooks/<type>/<id>`
    - e.g. `/rest/p/test/admin/git/webhooks/repo-push/54db231c04687d300e65db82`

**Authentication:**

See [API auth docs](https://sourceforge.net/p/forge/documentation/Allura%20API/#authenticating-requests). Works with both bearer tokens and application flow. However, for HTTP methods such as `DELETE` you'll need to authorize with headers, rather than through request body parameters. I've added support of this to Allura (see `55c0748`). We should add this to [API auth docs](https://sourceforge.net/p/forge/documentation/Allura%20API/#authenticating-requests) when it lands.

- if you're using application flow you good to go (python oauth lib uses headers already)
- if you're using bearer tokens, pass it as header: `headers={'Authorization': 'OAuth BearerToken access_token=<your_token>'}`

Also, for sourceforge deployment apache is not configured to pass auth headers to wsgi app (at least on sandboxes), so you'll need to add `WSGIPassAuthorization On` to `allura-venv.conf`. Probably we need to update some docs for installing Allura somewhere?

**QA**

Apply [this change](https://github.com/simplegeo/python-oauth2/pull/97/files) to python-oauth2 to avoid certificat errors on sandbox.



---

** [tickets:#7832] APIs to manage webhooks**

**Status:** review
**Milestone:** unreleased
**Labels:** sf-4 api 42cc sf-current 
**Created:** Mon Feb 09, 2015 04:26 PM UTC by Dave Brondsema
**Last Updated:** Mon Feb 23, 2015 01:02 PM UTC
**Owner:** Igor Bondarenko

We should support APIs to manage webhooks so that 3rd-party sites can use oauth to configure a webhook on behalf of a user.  This is a common practice to make it easier for the user.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #7832 APIs to manage webhooks

Posted by Igor Bondarenko <je...@gmail.com>.

- **status**: in-progress --> review
- **Comment**:

Closed #740. Force-pushed `ib/7832`

Also fixes [#7840]



---

** [tickets:#7832] APIs to manage webhooks**

**Status:** review
**Milestone:** unreleased
**Labels:** sf-4 api 42cc sf-current 
**Created:** Mon Feb 09, 2015 04:26 PM UTC by Dave Brondsema
**Last Updated:** Tue Feb 24, 2015 11:09 PM UTC
**Owner:** Igor Bondarenko

We should support APIs to manage webhooks so that 3rd-party sites can use oauth to configure a webhook on behalf of a user.  This is a common practice to make it easier for the user.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #7832 APIs to manage webhooks

Posted by Dave Brondsema <da...@brondsema.net>.

- **labels**: sf-4, api, 42cc, sf-current --> sf-4, api, 42cc



---

** [tickets:#7832] APIs to manage webhooks**

**Status:** closed
**Milestone:** unreleased
**Labels:** sf-4 api 42cc 
**Created:** Mon Feb 09, 2015 04:26 PM UTC by Dave Brondsema
**Last Updated:** Fri Feb 27, 2015 11:16 PM UTC
**Owner:** Igor Bondarenko

We should support APIs to manage webhooks so that 3rd-party sites can use oauth to configure a webhook on behalf of a user.  This is a common practice to make it easier for the user.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #7832 APIs to manage webhooks

Posted by Dave Brondsema <da...@brondsema.net>.

- **status**: review --> in-progress
- **Reviewer**: Dave Brondsema
- **Comment**:

An API response of `"status": "ok"` and nested `"webhook"` dict seems weird, particularly when doing a GET. How about un-nesting the webhook details? The 200 or 201 status code is sufficient to represent the status I think.

Oauth parameters can be passed as a URL param so for DELETE You can do ?access_token=foo and don't have to use an `Authorization:` header.

That said, adding support for header-based oauth bearer tokens is nice. A few things on that:

* There actually is a spec for it. So the `Authorization:` header value should start with just "Bearer " per https://tools.ietf.org/html/rfc6750#section-2.1 I.e. the `bearer_token_prefix` variable.
* You have some `log.error` lines left in `RestController._authenticate_request` and `OAuthNegotiator._authenticate`
* This should be a separate ticket or at least update the title of this ticket so we remember to point it out when we make a changelog in the next release.

---

** [tickets:#7832] APIs to manage webhooks**

**Status:** in-progress
**Milestone:** unreleased
**Labels:** sf-4 api 42cc sf-current
**Created:** Mon Feb 09, 2015 04:26 PM UTC by Dave Brondsema
**Last Updated:** Mon Feb 23, 2015 01:31 PM UTC
**Owner:** Igor Bondarenko

We should support APIs to manage webhooks so that 3rd-party sites can use oauth to configure a webhook on behalf of a user. This is a common practice to make it easier for the user.

---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] Re: #7832 APIs to manage webhooks

Posted by Igor Bondarenko <je...@gmail.com>.

Good points. Created [#7840] for header auth stuff.


---

** [tickets:#7832] APIs to manage webhooks**

**Status:** in-progress
**Milestone:** unreleased
**Labels:** sf-4 api 42cc sf-current 
**Created:** Mon Feb 09, 2015 04:26 PM UTC by Dave Brondsema
**Last Updated:** Tue Feb 24, 2015 11:09 PM UTC
**Owner:** Igor Bondarenko

We should support APIs to manage webhooks so that 3rd-party sites can use oauth to configure a webhook on behalf of a user.  This is a common practice to make it easier for the user.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.