feat: Custom Applications multiple permissions #2799
🦋 Changeset detected. Latest commit: 86ff5a8. The changes in this PR will be included in the next version bump. This PR includes changesets to release 35 packages.
Deploy preview for merchant-center-application-kit ready! ✅ Preview built with commit 86ff5a8.
66c0e0f to 3caad79
This looks very promising 💪
I just left some comments with some questions/suggestions.
.changeset/cuddly-chefs-burn.md
Outdated
'@commercetools-frontend/application-config': patch | ||
--- | ||
|
||
Define new field `additionalOAuthScopes` in the Custom Application config. |
Should we describe what this new field should be used for?
Or maybe add a link to the updated documentation?
Looks good. Just some nitpicking.
|
||
## `additionalOAuthScopes.view` | ||
|
||
A list of "view-only" [OAuth Scopes](https://docs.commercetools.com/api/scopes) required by the Custom Application and associated to the `View` permission. |
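Review bot: The paragraph under `additionalOAuthScopes.view` says the scopes belong to "the `View` permission", the same wording the docs use for `oAuthScopes.view`, so a reader cannot tell the default View permission apart from the one that an additional permission group creates. State which permission this list maps to, and say whether scopes listed here are granted on top of those in `oAuthScopes.view`, since that decides how narrowly a team's access can be limited.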
A list of "view-only" [OAuth Scopes](https://docs.commercetools.com/api/scopes) required by the Custom Application and associated to the `View` permission. | |
A list of "view-only" [OAuth Scopes](https://docs.commercetools.com/api/scopes) required by the Custom Application and associated with the additionalOAuthScopes `View` permission. |
|
||
## `additionalOAuthScopes.manage` | ||
|
||
A list of "manage-only" [OAuth Scopes](https://docs.commercetools.com/api/scopes) required by the Custom Application and associated with the `Manage` permission. |
A list of "manage-only" [OAuth Scopes](https://docs.commercetools.com/api/scopes) required by the Custom Application and associated with the `Manage` permission. | |
A list of "manage-only" [OAuth Scopes](https://docs.commercetools.com/api/scopes) required by the Custom Application and associated with the additionalOAuthScopes `Manage` permission. |
@@ -30,6 +30,37 @@ Notice here how the OAuth Scopes are grouped by the two fields `view` and `manag | |||
|
|||
This grouping determines the **mapping and relation between OAuth Scopes and user permissions**. | |||
|
|||
# Additional OAuth Scopes | |||
|
|||
Defining `oAuthScopes` in the Custom Application config allows to use permissions limited to 1 unique pair (view/manage) specific to the Custom Application. |
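Review bot: The sentence "allows to use permissions limited to 1 unique pair (view/manage)" in the new "Additional OAuth Scopes" section reads as a capability, but it is describing a limitation of `oAuthScopes`. Reword it so the constraint comes first, for example that `oAuthScopes` yields exactly one View/Manage permission pair for the whole Custom Application, so the following paragraph on more granular permissions has something to contrast with.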
Defining `oAuthScopes` in the Custom Application config allows to use permissions limited to 1 unique pair (view/manage) specific to the Custom Application. | |
Defining `oAuthScopes` in the Custom Application config allows using permissions limited to 1 unique pair (view/manage) specific to the Custom Application. |
|
||
Defining `oAuthScopes` in the Custom Application config allows to use permissions limited to 1 unique pair (view/manage) specific to the Custom Application. | ||
|
||
For more granular permissions, for example to allow team access to only certain parts or functionality of the Custom Application, [additional OAuth Scopes](https://docs.commercetools.com/api/scopes) can be requested as part of various permission groups. |
For more granular permissions, for example to allow team access to only certain parts or functionality of the Custom Application, [additional OAuth Scopes](https://docs.commercetools.com/api/scopes) can be requested as part of various permission groups. | |
For more granular permissions, for example, to allow the team access to only certain parts or functionality of the Custom Application, [additional OAuth Scopes](https://docs.commercetools.com/api/scopes) can be requested as part of various permission groups. |
FYI: marking this PR as draft/blocked as we shouldn't merge this yet, only when it's time to release the feature. We can use this as the base branch I suppose.
Have you had a chance to test the OIDC flow locally?
.changeset/cuddly-chefs-burn.md
Outdated
@@ -0,0 +1,5 @@ | |||
--- | |||
'@commercetools-frontend/application-config': patch |
Nit: new features usually should be considered a minor version
@@ -327,7 +327,7 @@ You can have "view-only" or "manage-only" OAuth Scopes and leave the other list | |||
|
|||
## `oAuthScopes.view` | |||
|
|||
A list of "view-only" [OAuth Scopes](https://docs.commercetools.com/api/scopes) required by the Custom Application and associated to the `View` permission. | |||
A list of "view-only" [OAuth Scopes](https://docs.commercetools.com/api/scopes) required by the Custom Application and associated with the `View` permission. |
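Review bot: The wording fix in `oAuthScopes.view` ("associated to" becomes "associated with") is not carried over to the new `additionalOAuthScopes.view` paragraph added in this PR, which still reads "associated to the `View` permission", while `additionalOAuthScopes.manage` already uses "with". Apply the same wording to all of these paragraphs so the old and new fields are described consistently.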
I would prefer the documentation changes to be defined in a separate PR. Main reason being that merging this PR will publish the docs changes but the packages are not being released yet.
So the docs changes can be merged separately once the packages have been released.
Can you extract these docs changes into a separate PR? Thanks 🙂
5e11208 to 564f59a
2e06827 to 55b0790
Awesome job 🚀
* feat(config): include additional permissions when using config-sync
* refactor(cli): validate additional oathScope
* refactor(cli): implement getPermissions function, update tests
* refactor(cli): move getPermission function to transformer.ts
* refactor(cli): add validation for additional permission name
* refactor(cli): show duplicated permission name in error thrown
9a01d41 to 86ff5a8
🚀
https://jira.commercetools.com/browse/SHIELD-580
In preparation for the Custom Applications Multiple Permissions support.