-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RFC] feat(docs): dec milestone #4144
Conversation
docs/_milestone_.md
Outdated
|
||
- [ ] Authentication & Authorization | ||
https://github.com/strongloop/loopback-next/issues/3902 | ||
- [ ] [5]The First Scenario: Authenticated orders (a minimal authentication) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@raymondfeng @bajtos , we might've talked about this before, I couldn't recall what's left for this task to do.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This story was created about a year ago as a kind of a workaround allowing us to show authentication in practice, without any authorization layer (that was not available at that time). I think the proposal still makes sense from the point of DX offered by shopping example REST API, but then I don't know what's the current status of the example app and what changes were implemented since the issue was created & discussed for the last time.
To be honest, I no longer care about this particular story. If the rest of the team thinks the proposed changes are not worth the effort, then I am fine to close the story as being no longer relevant.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with @bajtos . We can drop the authenticated orders
item, and simply ensure whatever remaining authentication and authorization we want in the shopping example is completed. (right now only a few endpoints have authentication or authorization, and we should discuss if we want more...probably when we discuss what other bells and whistles we want to see in shopping cart example)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After Deepak landed his authorization PR, the user/{userId}/orders endpoints are secured with authorization, which means we now compare the userId
from path and the one decoded from access token to ensure they match.
If we change the UX to user/orders
(which retrieves the user id from token directly) then we need to create new examples for authorization scenarios...
I didn't consider the UX change in #1998 when create the authorization PoC(sorry for that...), but since the authorization is already added in the shopping example, I would rather we close #1998 since it doesn't fit the current design.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your input. I'll close #1998 then. thanks.
- `Add Support for Partitioned Database` | ||
- `Inclusion of related models` | ||
- `Production deployment` | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd also like use to complete spike on migrating auth & auth from LB3 to LB4, so that we can start planning work on the migration guide and/or tooling for 2020Q1
docs/_milestone_.md
Outdated
|
||
- [ ] [3]Spike: Migration guide from LB3 - Authentication & authorization | ||
https://github.com/strongloop/loopback-next/issues/3719 | ||
- [ ] [3]How to migrate user-defined model methods #3949 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Personally, I would choose the following order of tasks, but I guess the order does not really matter.
[3]
How to migrate datasources from LB3 to LB4 How to migrate datasources from LB3 to LB4 #3946[3]
How to migrate boot scripts How to migrate boot scripts #3957[3]
How to migrate user-defined model methods How to migrate user-defined model methods #3949[5]
How to migrate remoting hooks How to migrate remoting hooks #3950
docs/_milestone_.md
Outdated
|
||
- [ ] Authentication & Authorization | ||
https://github.com/strongloop/loopback-next/issues/3902 | ||
- [ ] [5]The First Scenario: Authenticated orders (a minimal authentication) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This story was created about a year ago as a kind of a workaround allowing us to show authentication in practice, without any authorization layer (that was not available at that time). I think the proposal still makes sense from the point of DX offered by shopping example REST API, but then I don't know what's the current status of the example app and what changes were implemented since the issue was created & discussed for the last time.
To be honest, I no longer care about this particular story. If the rest of the team thinks the proposed changes are not worth the effort, then I am fine to close the story as being no longer relevant.
docs/_milestone_.md
Outdated
https://github.com/strongloop/loopback-next/issues/1352 | ||
|
||
- [ ] [5]Reject create/update requests when data contains navigational | ||
properties https://github.com/strongloop/loopback-next/issues/3439 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. The milestone plan here is tentative, will depend on what's left from Nov.
|
||
- [ ] [5]Contribute OpenAPI spec pieces from extensions | ||
https://github.com/strongloop/loopback-next/issues/3854 | ||
- [ ] [3]Add user profile factory for authentication modules |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would say #3846 is not a high priority.
"support token based authentication in API Explorer in shopping example" from the epic story is much more important, I don't remember if we have a story for it(probably not), I remember Raymond wants to have a default auth dialog for token based authentication, and I agree with him.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought #3854 would allow that. no?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes
docs/_milestone_.md
Outdated
|
||
- [ ] Authentication & Authorization | ||
https://github.com/strongloop/loopback-next/issues/3902 | ||
- [ ] [5]The First Scenario: Authenticated orders (a minimal authentication) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After Deepak landed his authorization PR, the user/{userId}/orders endpoints are secured with authorization, which means we now compare the userId
from path and the one decoded from access token to ensure they match.
If we change the UX to user/orders
(which retrieves the user id from token directly) then we need to create new examples for authorization scenarios...
I didn't consider the UX change in #1998 when create the authorization PoC(sorry for that...), but since the authorization is already added in the shopping example, I would rather we close #1998 since it doesn't fit the current design.
3316bec
to
4047b20
Compare
I've updated the milestone based on the review comments. We now target for 37 points because we need to account for the vacation time. Besides issues we might complete before Dec, if everyone agrees, we'll use this as the Dec milestone. Thanks! |
- [ ] Inclusion of related models [MVP] | ||
https://github.com/strongloop/loopback-next/issues/1352 | ||
|
||
- [ ] [5]Reject create/update requests when data contains navigational |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this task is done in Nov, please replace this with
Include related models with a custom scope #3453
- [ ] [3]Add user profile factory for authentication modules | ||
https://github.com/strongloop/loopback-next/issues/3846 | ||
|
||
- [ ] Add Support for Partitioned Database |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is already done :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the blog post?
Do not merge this PR
This PR is to propose the Dec milestone. Once we agree, a github issue will be created based on the content. This PR is not meant to be merged.
Currently we've committed in 37 points. It's lower than our team velocity, but it might be more than enough because of the holidays.
Checklist
👉 Read and sign the CLA (Contributor License Agreement) 👈
npm test
passes on your machinepackages/cli
were updatedexamples/*
were updated👉 Check out how to submit a PR 👈