JWT Auth integration#460
Conversation
- configuration for JWT, with key masking js. - all publications urls would get the jwt as query param - studio and editor would get the JWT with a form submission. - OpencastAPI class now contains all required methods for attaching JWT to the url and so on.
ferishili
added
enhancement
github-project-automation
Bot
moved this to Backlog
in Opencast & Opencast PageComponent
|
In meeting: Community-Opencast is configured with JWT. Ansible scripts available for configuration of Opencast installation available. ReviewApp: http://oc-pr-460.opencast.k8s.sr.solutions/ |
|
In Sitzung: Hauptsächlich zu testen sind Thumbnails-Anzeige, Videos-Aufruf, Captions, Segments-Thumbnails und Sanity-Test. Testing dieses PRs hat Prio gegenüber 10er-Version testing (durch @dagraf). |
|
FYI: The iframe integration is available. A few important notes:
|
|
All tests were successful (with JWT enabled and disabled). Therefore and @chfsx: Can you please review this PR and merge it, if everything is fine or comment here if you see any issues? Thank you! As soon as this PR passes the review state and it is ready for merging, @ferishili will write a documentation for "How to configure Opencast for JWT". |
chfsx
left a comment
chfsx
left a comment
There was a problem hiding this comment.
@ferishili many thanks for the implementation!è the PR is quite huge, I have not yet finished the whole review... but I send you my first findings so you can already begin to tackle them, ok?
| $tpl->setVariable("JS_CONFIG", json_encode($this->buildJSConfig($event))); | ||
| } | ||
|
|
||
| if (empty($tpl)) { |
There was a problem hiding this comment.
due to the if/else, $tpl cannot be empty right?
There was a problem hiding this comment.
Do you mean, we should get rid of if(empty($tpl)) block?
|
Just as a small note: there will be an additional JWT authentication mechanism for Annotation, similar to the one used by Studio and the Editor, which I plan to add later. |
as it is minimum supported php version
|
@chfsx The changes regarding annotation-tool JWT compatibility are there, please continue with your review! |
|
Thanks a lot @ferishili for your work! This is now ready to merge FMPOV, let's discuss this in the meeting this afternoon |
|
In meeting: We decided to merge it in the upcoming release. |
|
@chfsx what should we do with this PR? |
|
@ferishili I will close it after I managed to port the changes to release_10 (hopefully today) |
3 participants
This PR fixes #459,
NOTE: It is still work in progress!
In order to test this PR, the JWT Auth should be also activated in your Opencast: https://docs.opencast.org/r/18.x/admin/#configuration/security.jwt/#spring-security-configuration
For our Opencast community instance : It is deactivated, since there are active tests in other ReviewApps, so in order to test this, we have inform others, since activating the JWT in Opencastwould result in 403 Error for others!