Project

General

Profile

tickets #98126

Access to the openSUSE authentication server and the openSUSE Mail server

Added by KaratekHD about 2 months ago. Updated 21 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Accounts and GDPR
Target version:
-
Start date:
2021-09-05
Due date:
% Done:

0%

Estimated time:

Description

Dear Admins,
Me (karatekhd@opensuse.org) and Adrien (nycticorax@opensuse.org) are currently working on a REST API for the openSUSE infrastructure (See https://lists.opensuse.org/archives/list/heroes@lists.opensuse.org/thread/RVXFYILF4RVK5V5IEE7O3FK5QVSPWWFW/ for more details and https://github.com/openSUSE/defrag-api for the source code).
Currently, we have implemented multiple features, some of which require authorization. Therefore, it would be really helpful if we could have access to the openSUSE authentication server, maybe in a way so that we can add clients to id.opensuse.org. The idea is to have users authenticate completely against the already existing infrastructure and we can just get a session token for our own purposes (= identify it as a unique, logged in, openSUSE user). Being able to add client to Ipsilon would also help me to continue working on the branding for Fedocal, as I currently can not work on anything that requires to be signed in to Fedocal.
Also, we would like to have access to an email address from the openSUSE mail server, so that we can send automated emails (e.g. reminders).
Thank you very much
~Jens

History

#1 Updated by pjessen about 2 months ago

  • Private changed from Yes to No

KaratekHD wrote:

Also, we would like to have access to an email address from the openSUSE mail server, so that we can send automated emails (e.g. reminders).

For sending, you don't need any "access" as such, only if you expect to receive anything, maybe replies or bounces.

#2 Updated by Nycticorax about 2 months ago

KaratekHD wrote:

Dear Admins,
Me (karatekhd@opensuse.org) and Adrien (nycticorax@opensuse.org) are currently working on a REST API for the openSUSE infrastructure (See https://lists.opensuse.org/archives/list/heroes@lists.opensuse.org/thread/RVXFYILF4RVK5V5IEE7O3FK5QVSPWWFW/ for more details and https://github.com/openSUSE/defrag-api for the source code).
Currently, we have implemented multiple features, some of which require authorization. Therefore, it would be really helpful if we could have access to the openSUSE authentication server, maybe in a way so that we can add clients to id.opensuse.org. The idea is to have users authenticate completely against the already existing infrastructure and we can just get a session token for our own purposes (= identify it as a unique, logged in, openSUSE user). Being able to add client to Ipsilon would also help me to continue working on the branding for Fedocal, as I currently can not work on anything that requires to be signed in to Fedocal.
Also, we would like to have access to an email address from the openSUSE mail server, so that we can send automated emails (e.g. reminders).
Thank you very much
~Jens

pjessen wrote:

KaratekHD wrote:

Also, we would like to have access to an email address from the openSUSE mail server, so that we can send automated emails (e.g. reminders).

For sending, you don't need any "access" as such, only if you expect to receive anything, maybe replies or bounces.

pjessen wrote:

KaratekHD wrote:

Also, we would like to have access to an email address from the openSUSE mail server, so that we can send automated emails (e.g. reminders).

For sending, you don't need any "access" as such, only if you expect to receive anything, maybe replies or bounces.

There are two things implicit in Jens' request.

One. We'd like to be able to send to mailing lists, ideally via a service account.

Explanation: The goal is for the API to offer any consuming service the feature to schedule reminders addressed to varying sets of recipients. When the consuming service is an official openSUSE service, it would make sense to allow the consuming service to schedule reminders addresses to official openSUSE mailing lists. This implies that the API would ideally be able to use a service account bypassing the send-only-if-subscribed mechanism currently in place for the mailing lists.

Two. We'd like to be able to use a visually recognizable address, ideally from the "@opensuse.org" subdomain. So the second part of the request is whether the heroes would agree to let us create such an address.

#3 Updated by pjessen about 2 months ago

Nycticorax wrote:

There are two things implicit in Jens' request.

One. We'd like to be able to send to mailing lists, ideally via a service account.

You mean without having to subscribe, I presume. That should be fine, we can explicitly approve requests from any address.

Two. We'd like to be able to use a visually recognizable address, ideally from the "@opensuse.org" subdomain. So the second part of the request is whether the heroes would agree to let us create such an address.

I don't see any problem in that either, as long as the address is not already used as a member alias. What is important is really only if you want to receive any mails (replies, bounces, spam) on the address.

#4 Updated by Nycticorax about 2 months ago

pjessen wrote:

Nycticorax wrote:

There are two things implicit in Jens' request.

One. We'd like to be able to send to mailing lists, ideally via a service account.

You mean without having to subscribe, I presume. That should be fine, we can explicitly approve requests from any address.

Exactly, without subscribing first.

Two. We'd like to be able to use a visually recognizable address, ideally from the "@opensuse.org" subdomain. So the second part of the request is whether the heroes would agree to let us create such an address.

I don't see any problem in that either, as long as the address is not already used as a member alias. What is important is really only if you want to receive any mails (replies, bounces, spam) on the address.

Awesome! So there are other points in Jens' request, but as far as these two are concerned, we are very excited and thankful if these can get through!

#5 Updated by pjessen about 2 months ago

Nycticorax wrote:

Awesome! So there are other points in Jens' request, but as far as these two are concerned, we are very excited and thankful if these can get through!

No problem - let me know which address@opensuse.org you would like to use. I'll check if it is already a member alias (highly unlikely I'm sure). For reception, there are essentially two options -

a) discard.
b) forward to another address.

For the lists, it is a little tedious adding an address to all lists, maybe we can do it one by one, as you progress?

I'll leave the authentication questions for someone else to address.

#6 Updated by lrupp 21 days ago

  • Category set to Accounts and GDPR

About authentication: this is completely in the hands of SUSE-IT. Moving the ticket under a Category that they screen regularly.

Also available in: Atom PDF