Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorization server scope changes #111

Merged
merged 3 commits into from
Aug 7, 2024
Merged

Authorization server scope changes #111

merged 3 commits into from
Aug 7, 2024

Conversation

charlottekostelic
Copy link
Contributor

OCLC Authorization server now accepts scope and/or scopes as a parameter. Type and formatting of scope parameter is the same as scopes.

OCLC did not provide an update noting this change and their documentation on the Client Credentials Grant page uses the two parameters interchangeably.

Changed:

  • documentation and tests to reflect change in parameters accepted by OCLC Authorization server
  • Updated dependencies:
    • certifi (2024.7.4)
    • jinja2 (3.1.4)
    • requests (2.32.3)
    • urllib3 (2.2.2)
    • zipp (3.19.2)

klinga
klinga reviewed Jul 30, 2024
View reviewed changes
Copy link
Member

@klinga klinga left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be worth reaching out to OCLC to confirm it. So, in the authorization server response, there are two fields, one with 'scope' and another with 'scopes', with the same values? It's a bit clunky, but maybe that's a common mistake they observed and tried to remediate.

@charlottekostelic
Copy link
Contributor Author

Yes, there are now two fields (scope and scopes) that are interchangeable. The authorization server accepts payloads with either/both scope and scopes. It returns returns a response with the same value in both fields.

It seems clunky but OCLC's documentation uses "scope" and "scopes" interchangeably so I suspect it is a common mistake.

I didn't add scope as a parameter for WorldcatAccessToken because I thought it might be confusing. I just updated the tests that were failing and the examples we provide in our documentation to account for the change in the auth server response.

I want to create a github actions workflow to run monthly to check the responses from the Metadata API and auth server so we know if OCLC changes anything. I'll include that in a future PR though.

@klinga
Copy link
Member

klinga commented Aug 7, 2024
edited
Loading

Thanks, Charlotte.

I want to create a github actions workflow to run monthly to check the responses from the Metadata >API and auth server so we know if OCLC changes anything. I'll include that in a future PR though.

That's a good idea. Let's request a new WSKey just for that purpose. GitHub provides a means to securely store credentials within the repo.

klinga
klinga approved these changes Aug 7, 2024
View reviewed changes
Copy link
Member

@klinga klinga left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@charlottekostelic charlottekostelic merged commit 52f0d2f into releases/v1.0.2 Aug 7, 2024
9 checks passed
@charlottekostelic charlottekostelic deleted the auth-scope-changes branch August 7, 2024 13:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@klinga klinga klinga approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@charlottekostelic @klinga