🤔 Problem

3rd party developers want to be able to accomplish via our API:

• what are my projects?
• what belongs to each project (launchers, envs, DCs, code repos)?
• be able to create project, with entities inside

🍴 Appetite

3 weeks

🎯 Solution

Authentication

1. (preferred) Modify the authentication of JWT tokens to accept different clients

   Make changes in the authentication checks on data services to accept tokens from different clients in keycloak. There will be a new client in keycloak in the Renku realm that will be used by each external service that will use the API. There may also be gateway changes that are needed.

   External services must contact us to get the credentials for an Oauth client in our Keycloak.

2. Offer a Long Lived Token

   Add an option to create some kind of static personal access tokens for Renku. That will be accepted for authentication anywhere. Without doing a whole oauth flow.

API Approach

Make no changes to the current API structure for now.

Testing & Communication with people using our API

• We’d like to label endpoints as public/internal, with some kind of tag that shows in the Swagger page, to remind ourselves which endpoints are being used by others, and highlight to users which ones are (maybe) more stable
• Implement tests that look at the apispec and tell you if your changes are breaking, and have a practice of noting API breaking changes in the Release Notes

🚞 User stories / journeys