WIP - Documentation

[synchronizing]

Work in progress (WIP), please do not merge.

Effort to add documentation to the entire project. Any feedback is welcomed.

Todo

• Remove root/src/<project> folder for the more conventional root/<project> format.
• Finish documenting the rest of the codebase.
• Complete Getting Started, Plug & Play, Settings, and Index documentation.
• Update the README.md to reflect new documentation changes.
• Add Contributing to documentation.
• Adds automatic docs publishing.
• Add documentation building commands to the Makefile.
• Format code to be compliant with repos standard.
• Add examples to the documentation.
  • Best to likely have an /examples folder with the complete code, as well as the documentation page on the logic of the example code.

Note

This PR adds auto documentation publishing to the gh-pages, which automatically publishes the docs at <user>.github.io/aioauth/. See example here. This must be turned on in the repo settings.

Misc

Fix for #16, #22.
Update for #23.

[synchronizing]

Reminder: This needs to be removed before PR is merged.

Added for the sake of building documentation on Github throughout the development of this pull request.

[aliev]

@synchronizing wow very impressive! many thanks for contributing!

[aliev]

great explanation!

[synchronizing]

@synchronizing wow very impressive! many thanks for contributing!

My pleasure on the contribution. I see the huge potential this library has, and I think documentation this early on would help flourishing the repo down the line. I have future plans to eventually helping out implementing OpenID Connect as well.

great explanation!

Thank you! I'm writing things as I go, so if you feel like anything is out-of-line, please don't hesitate to call it out/change it. I'll be working on this further come the this month (likely in a few weeks)- I got a huge deadline dropped on my table yesterday.

[synchronizing]

@aliev Is there any reason for the use of Text over str throughout the project? Encounter it in models.py, and unsure if this is on purpose or not, as a few lines down str is used instead.

[aliev]

@synchronizing I had no apparent reason to replace str with Text. I think Text doesn't make sense for models, but maybe it makes sense to use it for Request / Response classes fields only? Note from the python docs:

Use Text to indicate that a value must contain a unicode string in a manner that is compatible with both Python 2 and Python 3:

in any case I see no problem in replacing Text with str. What do you think about that?

[synchronizing]

I agree with the replacement.

... but maybe it makes sense to use it for Request / Response classes fields only?

I agree with the use of unicode there - a lot of databases do support unicode, and I can certainly see the use for websites/providers that leverage different characters for their usernames/passwords. Will replace the str for username and password to Text.

[synchronizing]

Unsure why last commit is throwing line errors from flake8-black. Will investigate further at a later date. @aliev if you have any ideas from the top of your head, that would be wonderful, if not, I'll explore.

Running black -l 88 .. Locally, flake8 aioauth tests runs without error.

[aliev]

@synchronizing could you try black .? I tried on your branch:

(env) ➜  aioauth git:(documentation) black .
reformatted /Users/ali/Projects/aliev/tmp/aioauth/tests/test_db.py
reformatted /Users/ali/Projects/aliev/tmp/aioauth/aioauth/server.py
reformatted /Users/ali/Projects/aliev/tmp/aioauth/aioauth/response_type.py
reformatted /Users/ali/Projects/aliev/tmp/aioauth/tests/conftest.py
reformatted /Users/ali/Projects/aliev/tmp/aioauth/tests/test_utils.py
reformatted /Users/ali/Projects/aliev/tmp/aioauth/tests/classes.py
reformatted /Users/ali/Projects/aliev/tmp/aioauth/aioauth/utils.py
reformatted /Users/ali/Projects/aliev/tmp/aioauth/aioauth/grant_type.py
reformatted /Users/ali/Projects/aliev/tmp/aioauth/tests/test_endpoint.py
reformatted /Users/ali/Projects/aliev/tmp/aioauth/tests/test_request_validator.py
reformatted /Users/ali/Projects/aliev/tmp/aioauth/tests/test_flow.py
reformatted /Users/ali/Projects/aliev/tmp/aioauth/tests/utils.py
All done! ✨ 🍰 ✨
12 files reformatted, 19 files left unchanged.
(env) ➜  aioauth git:(documentation) ✗ git status
On branch documentation
Your branch is up to date with 'origin/documentation'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
	modified:   aioauth/grant_type.py
	modified:   aioauth/response_type.py
	modified:   aioauth/server.py
	modified:   aioauth/utils.py
	modified:   tests/classes.py
	modified:   tests/conftest.py
	modified:   tests/test_db.py
	modified:   tests/test_endpoint.py
	modified:   tests/test_flow.py
	modified:   tests/test_request_validator.py
	modified:   tests/test_utils.py
	modified:   tests/utils.py

no changes added to commit (use "git add" and/or "git commit -a")

[synchronizing]

@synchronizing could you try black .?

No cigar on my end. Unsure why.

10:13:16 at /Users/felipe/Desktop/aioauth 
  λ black .
All done! ✨ 🍰 ✨
31 files left unchanged.

10:13:18 at /Users/felipe/Desktop/aioauth 
  λ git status
On branch documentation
Your branch is up to date with 'origin/documentation'.

nothing to commit, working tree clean

Really weird. Will explore further, but your response was super helpful - likely some weird settings is getting applied for my Black formatter. Thank you.

[aliev]

@synchronizing hmm that's interesting. I cloned your fork, created virtual environment based on python 3.8:

python -mvenv env
source env/bin/activate

and did make dev-install.

this what flake8 command shows:

(env) ➜  aioauth git:(documentation) flake8 aioauth
aioauth/server.py:43:29: BLK100 Black would make changes.
aioauth/response_type.py:122:42: BLK100 Black would make changes.
aioauth/utils.py:167:33: BLK100 Black would make changes.
aioauth/grant_type.py:39:21: BLK100 Black would make changes.
(env) ➜  aioauth git:(documentation) flake8 tests  
tests/test_utils.py:76:60: BLK100 Black would make changes.
tests/conftest.py:105:36: BLK100 Black would make changes.
tests/test_db.py:35:29: BLK100 Black would make changes.
tests/test_flow.py:50:25: BLK100 Black would make changes.
tests/utils.py:37:49: BLK100 Black would make changes.
tests/test_endpoint.py:121:49: BLK100 Black would make changes.
tests/classes.py:31:14: BLK100 Black would make changes.
tests/test_request_validator.py:31:23: BLK100 Black would make changes.
(env) ➜  aioauth git:(documentation) 

[aliev]

@synchronizing should we remove the PasswordGrantType from the BaseAuthorizationServer by default?

[synchronizing]

I would advise against removing assuming I understand the question correctly - which would mean removing PasswordGrantType completely. Forgive me if you meant something else.

Password grant, while not recommended for every client, is the preferred method for those that separate their backend and frontend (also called, "first-party" apps, since the OAuth server owner also owns another application that leverages the server). In other words, if you have a FastAPI OAuth server and a seperate React frontend and mobile app, the only realistic way to have the user login is via the PasswordGrantType. To put it into perspective, you login to Twitter on their iOS app and React frontend via the PasswordGrantType, but login to (say) External Application X via their AuthorizationCodeGrantType, where the OAuth server asks "hey, you sure you want to authorize this app?" See here for more info.

While I haven't gotten to checking this just yet in relation to aioauth, one thing that authorization servers must have is the ability to specify which grant type a specific client has access to. Company A might have a OAuth server and frontend and mobile app that leverages the PasswordGrantType, while also allowing company B to use their OAuth server, but only have access to the AuthorizationCodeGrantType. See here for more info.

[aliev]

no, I did not mean complete deletion, as this is part of the oauth2 protocol. I thought about excluding it by default from BaseAuthorizationServer:

aioauth/src/aioauth/base/server.py

Lines 25 to 28 in 188699e

	GrantType.TYPE_AUTHORIZATION_CODE: AuthorizationCodeGrantType,
	GrantType.TYPE_CLIENT_CREDENTIALS: ClientCredentialsGrantType,
	GrantType.TYPE_PASSWORD: PasswordGrantType,
	GrantType.TYPE_REFRESH_TOKEN: RefreshTokenGrantType,

user can still enable it with the register method:

aioauth/src/aioauth/base/server.py

Lines 34 to 41 in 188699e

	def register(
	self,
	endpoint_type: EndpointType,
	server: Union[ResponseType, GrantType],
	endpoint_cls: Union[Type[ResponseTypeBase], Type[GrantTypeBase]],
	):
	endpoint_dict = getattr(self, endpoint_type)
	endpoint_dict[server] = endpoint_cls

but in any case, the user can also remove the PasswordGrantType on his own :)

[synchronizing]

Oh, I see!

I'm in favor, in such case. I haven't gotten to documenting the base server just yet, so I didn't know that function even existed. We can document this properly and ensure users are aware that there is the option, even though it's not recommended. Whatever the case, I wouldn't be making the modifications via this PR since it's exclusive to documentation, but I can add to the docs as soon as we make that change.

[aliev]

Indeed. Better to just document it and user will decide should it remove it or keep it

[aliev]

@synchronizing interesting, the build status is still waiting.

[synchronizing]

I think it is due to a bad merge from my end (master to documentation). Going to try to figure this out today and continue work on the PR.

[synchronizing]

Fixed the merge conflict, and Black situation. For future references, for whatever reason my system was defaulting to the latest version of Black (global install) despite activating the virtual environment. Running the env Black via relative path (./env/bin/black .) fixed all issues.

[aliev]

@synchronizing
I think the link here must be also with http(s) prefix: https://synchronizing.github.io/aioauth/sections/documentation/models.html#aioauth.models.AuthorizationCode.code_challenge_method (otherwise it leads to the current path)

[synchronizing]

Sphinx wasn't playing nice at the time, and adding https:// was (surprisingly enough) breaking the hyperlink. Without it seemed to work, but I'll go ahead and leave this review open to go over this before finalizing things - I'll try to make https work.

[codecov-io]

Codecov Report

Merging #21 (0eea325) into master (188699e) will decrease coverage by 0.35%.
The diff coverage is 97.99%.

@@            Coverage Diff             @@
##           master      #21      +/-   ##
==========================================
- Coverage   99.27%   98.92%   -0.36%     
==========================================
  Files          15       15              
  Lines         549      556       +7     
  Branches       56       56              
==========================================
+ Hits          545      550       +5     
- Misses          3        4       +1     
- Partials        1        2       +1     

Impacted Files	Coverage Δ
aioauth/base/request_validator.py	100.00% <ø> (ø)
aioauth/base/server.py	100.00% <ø> (ø)
aioauth/errors.py	100.00% <ø> (ø)
aioauth/types.py	100.00% <ø> (ø)
aioauth/utils.py	93.40% <93.40%> (ø)
aioauth/base/database.py	100.00% <100.00%> (ø)
aioauth/config.py	100.00% <100.00%> (ø)
aioauth/constances.py	100.00% <100.00%> (ø)
aioauth/grant_type.py	100.00% <100.00%> (ø)
aioauth/models.py	100.00% <100.00%> (ø)
... and 13 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 188699e...0eea325. Read the comment docs.

[aliev]

@synchronizing I'm thinking about removing the flake8 and black from the requirements and use only pre-commit.

[synchronizing]

Makes sense to me. I have to revisit the project soon- things took an unexpected turn in life. Whatever is changed in master I'll apply to this branch in time.

[synchronizing]

Closing this for the meantime. Planning on restarting this PR some point in the next few months.

If new PR is created regarding docs, any text written here can be utilized.