The oauth2.enforce_jwt_scopes waffle switch was added temporarily for
the rollout of jwt scopes. This removes the toggle and replaces code
with the equivalent of `oauth2.enforce_jwt_scopes` as True.
Move to using the filters list provided in the ApplicationAccess model
to generically store scopes instead of the org specific ApplicationOrg
model mapping.
- This PR removes all imports from provider by either bringing them into edx-platform or finding dot replacement. Removing tests that tested dop parts of code.
- Skipping some tests and removing dop
The tests are difficult to fix due to their entanglement with dop use in third_party_auth.
These tests should be restarted once dop has been removed from third_party_auth and its tests.
- set ENABLE_DOP_ADAPTER = False for devstack
* WIP: add third-party-auth scope and usage
BOM-1264
* Fix tests now that we do permissions in a more standard way.
Rather than manually setting the permission class we previously
explicitly raised a PermissionDenied exception. The way DRF
permissioning logic works, if we use the WWW-Authenticate header in the
highest priority auth class, it will return a 401 instead of a 403.
* Added test to make sure having permissions gives access to user mapping api
* Test new filters logic.
Ensure that the filters we add to the application access model make it
into the JWT correctly.
* quality fix
* quality fix
* disable pylint warning
* quality fix
* fix indent prob
Co-authored-by: Feanil Patel <feanil@edx.org>
Co-authored-by: Manjinder Singh <49171515+jinder1s@users.noreply.github.com>
- Upgrade edx-drf-extensions to 2.4.5
- Removed constraint to 2.4.0, because 2.4.2 introduces a workaround for
ARCH-1210 by putting the problematic code behind a django setting.
- Remove unused JWT_AUTH_REFRESH_COOKIE setting.
ARCH-418, ARCH-1269, ARCH-1044
fix broken toggle
* Fix type mismatches in track migrations
* Fix type mismatches in oauth_dispatch
* Fix type mismatches in badges migrations
* fix type mismatch in contentserver migrations
* Fix type mismatches in mobile_api migrations
* fix type mismatch in crawlers migrations
* fix type mismatch in dark_lang migrations
* fix type mismatch in branding migrations
Update the ADR to clarify another rollout strategy with
HTTP_USE_JWT_COOKIE using the new
JwtRedirectToLoginIfUnauthenticatedMiddleware and new permission class
LoginRedirectIfUnauthenticated.
ARCH-1051
The following changes are made to add LMS user_id:
* Adds user_id scope to the JWT to provide the LMS user_id.
* JWT cookies always use the user_id claim.
ARCH-379