See the blocked bug for reasoning why. The plan: 1. Provide a way to setup OAuth2 client ID. 2. Convert existing routes to serve raw templates and javascript code. 3. Move the sign in to client side. Send "Authorization" header for auth.
The following revision refers to this bug: https://chromium.googlesource.com/external/github.com/luci/luci-py.git/+/da04014d32632924f7256b27fa0235b727161e23 commit da04014d32632924f7256b27fa0235b727161e23 Author: vadimsh <vadimsh@chromium.org> Date: Mon Apr 24 22:43:06 2017 auth: Add a page to setup web client ID for a service. Note that LUCI config is undesirable here. A web client ID will be needed for initial setup of Auth Service, but LUCI Config requires a working auth service. If we make Auth Service setup depend on LUCI Config, we'll have a dependency cycle. R=nodir@chromium.org BUG=714821 Review-Url: https://codereview.chromium.org/2836223002 [modify] https://crrev.com/da04014d32632924f7256b27fa0235b727161e23/appengine/components/components/auth/api.py [modify] https://crrev.com/da04014d32632924f7256b27fa0235b727161e23/appengine/components/components/auth/api_test.py [modify] https://crrev.com/da04014d32632924f7256b27fa0235b727161e23/appengine/components/components/auth/ui/templates/bootstrap_done.html [add] https://crrev.com/da04014d32632924f7256b27fa0235b727161e23/appengine/components/components/auth/ui/templates/bootstrap_oauth.html [modify] https://crrev.com/da04014d32632924f7256b27fa0235b727161e23/appengine/components/components/auth/ui/ui.py
The following revision refers to this bug: https://chromium.googlesource.com/external/github.com/luci/luci-py.git/+/a51c5be37a4090e71e8eb7e31a2c51da37c0f96a commit a51c5be37a4090e71e8eb7e31a2c51da37c0f96a Author: vadimsh <vadimsh@chromium.org> Date: Tue Apr 25 20:48:06 2017 auth: Split UI pages into admin and non-admin ones. Admin pages (involved in initial bootstrap) will stay as they are. Non-admin pages will be converted to use client-side Google Sign-In flow. R=nodir@chromium.org BUG=714821 Review-Url: https://codereview.chromium.org/2838793002 [modify] https://crrev.com/a51c5be37a4090e71e8eb7e31a2c51da37c0f96a/appengine/components/components/auth/ui/templates/access_denied.html [add] https://crrev.com/a51c5be37a4090e71e8eb7e31a2c51da37c0f96a/appengine/components/components/auth/ui/templates/admin/access_denied.html [rename] https://crrev.com/a51c5be37a4090e71e8eb7e31a2c51da37c0f96a/appengine/components/components/auth/ui/templates/admin/base.html [rename] https://crrev.com/a51c5be37a4090e71e8eb7e31a2c51da37c0f96a/appengine/components/components/auth/ui/templates/admin/bootstrap.html [rename] https://crrev.com/a51c5be37a4090e71e8eb7e31a2c51da37c0f96a/appengine/components/components/auth/ui/templates/admin/bootstrap_done.html [rename] https://crrev.com/a51c5be37a4090e71e8eb7e31a2c51da37c0f96a/appengine/components/components/auth/ui/templates/admin/bootstrap_oauth.html [rename] https://crrev.com/a51c5be37a4090e71e8eb7e31a2c51da37c0f96a/appengine/components/components/auth/ui/templates/admin/linking.html [rename] https://crrev.com/a51c5be37a4090e71e8eb7e31a2c51da37c0f96a/appengine/components/components/auth/ui/templates/admin/linking_done.html [modify] https://crrev.com/a51c5be37a4090e71e8eb7e31a2c51da37c0f96a/appengine/components/components/auth/ui/ui.py
The following revision refers to this bug: https://chromium.googlesource.com/external/github.com/luci/luci-py.git/+/872b28d8137e4f2211c32e549c4402085ed039fc commit 872b28d8137e4f2211c32e549c4402085ed039fc Author: vadimsh <vadimsh@chromium.org> Date: Mon May 01 18:59:18 2017 auth_service: Fetch revisions of all configs (for UI) at once. Also, do it in parallel. This will simplify the switch to client-side Single Page Application by removing the need for per-tab callback (info for all tabs will be fetched at once). R=nodir@chromium.org BUG=714821 Review-Url: https://codereview.chromium.org/2840053003 [modify] https://crrev.com/872b28d8137e4f2211c32e549c4402085ed039fc/appengine/auth_service/config.py [modify] https://crrev.com/872b28d8137e4f2211c32e549c4402085ed039fc/appengine/auth_service/config_test.py [modify] https://crrev.com/872b28d8137e4f2211c32e549c4402085ed039fc/appengine/auth_service/handlers_frontend.py [modify] https://crrev.com/872b28d8137e4f2211c32e549c4402085ed039fc/appengine/auth_service/templates/config.html [modify] https://crrev.com/872b28d8137e4f2211c32e549c4402085ed039fc/appengine/components/components/auth/ui/templates/base.html [modify] https://crrev.com/872b28d8137e4f2211c32e549c4402085ed039fc/appengine/components/components/auth/ui/templates/ip_whitelists.html [modify] https://crrev.com/872b28d8137e4f2211c32e549c4402085ed039fc/appengine/components/components/auth/ui/templates/oauth_config.html [modify] https://crrev.com/872b28d8137e4f2211c32e549c4402085ed039fc/appengine/components/components/auth/ui/ui.py
chrome-infra-auth has been switched to use GAE Users API, and thus this bug now is nice-to-have UI improvement. It doesn't block issue 712506 anymore.
Comment 1 by bugdroid1@chromium.org
, Apr 24 2017