feat: Update access requests to use PAT #81
+676
−491
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updates the access request implementation to work with PATs to ensure only resource owners can accept requests. The access request documentation has been updated accordingly.
Some of the changes here are definitely not perfect, but, in my opinion, improvements that get the requests working better and more stable until a more comprehensive refactor is possible. To do the latter the internals of the policy API will also have to be updated.
One of the main changes is that a request is now made by POSTing a JSON object with the target resource and scopes, instead of a full turtle document containing details that should be generated by the server. The disadvantage is that this can be restrictive for more advanced use cases, but for now this should suffice. There is something to be said for just allowing the user to submit full policies to be accepted in the future.
PAT data is now supported, so only actual resource owners can accept requests.
Besides that there are various minor updates in the relevant classes to have more correct output.