Weblate OIDC migration #12479

New issue

Open

opened 2025-04-07 12:09:27 +00:00 by nijel · 5 comments

nijel commented 2025-04-07 12:09:27 +00:00 (Migrated from pagure.io)

Copy link

I've just learned from https://github.com/python-social-auth/social-core/pull/1099 by @abompard that is a plan to drop OpenID in favor of OIDC.

https://translate.fedoraproject.org/ is still using OpenID, so some actions need to be taken to migrate to OIDC.

To be able to use OIDC in Weblate, https://github.com/python-social-auth/social-core/pull/1099 first will need to be merged and released.

Is there some documentation on migrating user associations? Or will the identifiers stay look like with OpenID?

CC @jibecfed

I've just learned from https://github.com/python-social-auth/social-core/pull/1099 by @abompard that is a plan to drop OpenID in favor of OIDC. https://translate.fedoraproject.org/ is still using OpenID, so some actions need to be taken to migrate to OIDC. To be able to use OIDC in Weblate, https://github.com/python-social-auth/social-core/pull/1099 first will need to be merged and released. Is there some documentation on migrating user associations? Or will the identifiers stay look like with OpenID? CC @jibecfed

zlopez commented 2025-04-07 12:29:30 +00:00 (Migrated from pagure.io)

Copy link

Metadata Update from @zlopez:

• Issue priority set to: Waiting on Assignee (was: Needs Review)
• Issue tagged with: high-gain, low-trouble

**Metadata Update from @zlopez**: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: high-gain, low-trouble

zlopez commented 2025-04-07 12:31:22 +00:00 (Migrated from pagure.io)

Copy link

From what I heard from @abompard it should be able to link the openid accounts to OIDC ones.

But I leave this for @abompard to answer.

From what I heard from @abompard it should be able to link the openid accounts to OIDC ones. But I leave this for @abompard to answer.

abompard commented 2025-04-07 13:08:01 +00:00 (Migrated from pagure.io)

Copy link

Hey! In python-social-auth, there is a setting called SOCIAL_AUTH_PIPELINE where you can list functions that will be run during the authentication process. The social_core.pipeline.social_auth.associate_by_email function is disabled by default, but if you enable it it will match by email address logging-in users with existing users. As a result, new users using OIDC will get their existing account, if you have enabled this function in your pipeline.

Hey! In python-social-auth, there is a setting called `SOCIAL_AUTH_PIPELINE` where you can list functions that will be run during the authentication process. The `social_core.pipeline.social_auth.associate_by_email` function is disabled by default, but if you enable it it will match by email address logging-in users with existing users. As a result, new users using OIDC will get their existing account, if you have enabled this function in your pipeline.

misc commented 2025-04-07 14:52:40 +00:00 (Migrated from pagure.io)

Copy link

I think one of the issue is that translate is a hosted service.

I think one of the issue is that translate is a hosted service.

misc commented 2025-04-17 17:06:46 +00:00 (Migrated from pagure.io)

Copy link

I met with @jibecfed this weekend who pointed me to @darknao for technical matters wrt weblate hosted instance.

I met with @jibecfed this weekend who pointed me to @darknao for technical matters wrt weblate hosted instance.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

No results found.

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: rootroot/fedora-infrastructure#12479

No description provided.