Related issue from infra : https://pagure.io/fedora-infrastructure/issue/10567
Error is :
Bad Request
Request Line is too large (4175 > 4094)
It show very long URL after I clicked login (I can see FAS Login then It shows error, open id works but qa.fpo doesn't login)
This is due to the openid flow sending information back in a cookie, and that has limited size.
There might be a way for you not to request ssh keys?
Or better yet, move from openid to OIDC.
Thanks for explanation, @kevin. Currently we're using flask_fas_openid.py from https://github.com/fedora-infra/python-fedora . I don't see an option to avoid requesting ssh keys :-/
Is there some library that would allow our Flask app to easily connect through OIDC, do you know?
Metadata Update from @kparal: - Issue priority set to: High - Issue tagged with: bug
Issue tagged with: next
@kparal we're using OIDC in oraculum, the architecture of the app is very similar to bba: https://pagure.io/fedora-qa/oraculum
Metadata Update from @kparal: - Issue assigned to kparal
A note for self: The OIDC library used in oraculum is not much alive either :-/
Merged duplicate: #268
I have been facing this since a LOONG time now
welp, if this isn't going to get fixed, can someone else login to the admin interface and make the necessary changes? unmark beta as active and current, make final active and current (and maybe make 39 beta and final active but not current).
I keep meaning to come up with a way to automate those but never get the roundtuits, so for now it's just me doing it. Until I can't login any more.
I'd love to fix it. For the moment, just ping me if you need something done.
is this still the thing that projects should be using for flask apps? https://github.com/fedora-infra/flask-oidc I think we are considering dropping that and getting people to just configure it directly... if we do, there will be docs on how to move and help with existing apps I sure hope
Another interesting project which might be useful: https://github.com/CZ-NIC/pyoidc
I'd probably try this way (in progress locally):
where are we with this? per https://pagure.io/cpe/initiatives-proposal/issue/19 it seems CPE went with authlib.
There has been no progress in BBA. Thanks for the update.
Merged duplicate: #287
It looks like we'll need to migrate to a newer login method soon-ish: https://pagure.io/fedora-infrastructure/issue/10241#comment-956987
This should be now fixed in production :tada: Please test, thanks!
Metadata Update from @kparal: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Looks great now. Thanks a lot!
This issue has been migrated to Fedora Forge: https://forge.fedoraproject.org/quality/blockerbugs/issues/238
Please continue any further discussion there.
Log in to comment on this ticket.