This repository has been archived by the owner on May 2, 2024. It is now read-only.

Full OAuth & OIDC compliant API #55

Merged
merged 22 commits into from
Jan 26, 2024

@reesericci reesericci commented Jan 24, 2024

This PR adds a full OAuth API to Obl.ong, allowing clients to manage domains, records, and accounts!

Short overview of paths:

  • /oauth/authorize: authorization url
  • /oauth/token: token url
  • /api/v1/user: current user info
  • /api/v1/domains: domains
  • /api/v1/domains/:host: domain
  • /api/v1/domains/:host/records: records
  • /api/v1/domains/:host/records/:id: record

and more!

Closes #33

@reesericci reesericci marked this pull request as ready for review January 24, 2024 15:17

@dispherical
Member

based

Contributor

@cjdenio cjdenio left a comment


a few random suggestions!

app/views/api/v1/domains/records/_record.json.jbuilder (outdated)
app/views/api/v1/user/show.json.jbuilder (outdated)
reesericci and others added 2 commits January 24, 2024 11:11
Co-authored-by: Caleb Denio <[email protected]>
Co-authored-by: Caleb Denio <[email protected]>
@reesericci
Member Author

Thanks caleb!

@reesericci reesericci requested a review from cjdenio January 24, 2024 17:12
Collaborator

@polypixeldev polypixeldev left a comment


Nice! A few things:

  • Clicking on a provisional application seems to attempt a load and refreshes the page. Clicking should just not do anything, like provisional domains
  • undefined method domain_created_email for an instance of ActionMailer::Parameterized::Mailer when I approved an application request with the Tinder UI
  • Invalid URLs in the app request page get silently rejected
  • It scrolls all the way back up every time I submit a change on the app settings page
  • Some sort of feedback to the user when I create, copy, or delete creds/scope/redir-urls
  • Provide some docs on how to use OIDC/OAuth, even if it just links to another site that explains it well

I didn't test every API endpoint, but I did go through the auth flow and make sure it works.

app/views/admin/developers_review.html.erb (outdated)
reesericci and others added 4 commits January 24, 2024 17:08
Co-authored-by: Samuel Fernandez <[email protected]>
fixes:

Clicking on a provisional application seems to attempt a load and refreshes the page. Clicking should just not do anything, like provisional domains
@reesericci
Member Author

> Clicking on a provisional application seems to attempt a load and refreshes the page. Clicking should just not do anything, like provisional domains

Fixed

> undefined method domain_created_email for an instance of ActionMailer::Parameterized::Mailer when I approved an application request with the Tinder UI

Fixed

> Invalid URLs in the app request page get silently rejected

Added a flash message

> It scrolls all the way back up every time I submit a change on the app settings page

It's a form submission, not an AJAX request - so this will not be fixed

> Some sort of feedback to the user when I create, copy, or delete creds/scope/redir-urls

Added a flash message

> Provide some docs on how to use OIDC/OAuth, even if it just links to another site that explains it well

That's an issue for obl-ong/docs - I'm also working on an OpenAPI spec

Collaborator

@polypixeldev polypixeldev left a comment


  • If you request an API route without putting in a token I just get a controller error, it should be 401 with a message:
    NoMethodError (undefined method `application_id' for nil):
    
    app/controllers/api/v1/api_controller.rb:14:in `not_provisional'
    
  • Flash messages stay there until reload?

REST of the GET API routes have been tested!

@reesericci
Member Author

> • If you request an API route without putting in a token I just get a controller error, it should be 401 with a message:
>   NoMethodError (undefined method `application_id' for nil):
>   app/controllers/api/v1/api_controller.rb:14:in `not_provisional'

Ah - this is because of the check where I tell if a client is provisional - it should just return if nil.

> • Flash messages stay there until reload?

yes it's not a js toast
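
Added example, not part of the PR or the project's code: a plain-Ruby sketch of the filter ordering discussed in the exchange above, where a missing token gets a 401 before any filter reads token fields. Only `not_provisional` and `application_id` come from the thread; `Token`, `App`, `bearer_token`, `authenticate`, `handle` and the sample data are hypothetical.

```ruby
# Plain Ruby stand-in for a controller filter chain (no Rails); names are assumptions.
Token = Struct.new(:application_id, :scopes)
App   = Struct.new(:id, :provisional)

# Constructed sample data.
APPS   = { 1 => App.new(1, false), 2 => App.new(2, true) }.freeze
TOKENS = {
  "good-token"        => Token.new(1, ["domains"]),
  "provisional-token" => Token.new(2, ["domains"])
}.freeze

# Parse "Authorization: Bearer <token>" and return the Token, or nil if absent/unknown.
def bearer_token(headers)
  scheme, value = headers.fetch("Authorization", "").split(" ", 2)
  return nil unless scheme&.casecmp?("bearer") && value
  TOKENS[value.strip]
end

# Filter 1: reject a missing or unknown token before anything reads token fields.
def authenticate(token)
  return nil if token
  [401, { "WWW-Authenticate" => 'Bearer realm="api"' }, "missing or invalid access token"]
end

# Filter 2: nil-safe, so it no longer raises NoMethodError, but it is not an auth gate.
def not_provisional(token)
  return nil if token.nil? # nothing to check here; authenticate decides
  app = APPS[token.application_id]
  return nil unless app.nil? || app.provisional # unknown app fails closed
  [403, {}, "application is provisional"]
end

# Run filters in order; the first non-nil response halts the request.
def handle(headers, filters: %i[authenticate not_provisional])
  token = bearer_token(headers)
  filters.each do |filter|
    halted = send(filter, token)
    return halted if halted
  end
  [200, {}, "ok"]
end
```

If the nil-return guard in `not_provisional` is the only filter in the chain, a request with no token passes straight through to the action, so the 401 has to come from a separate authentication filter that runs first.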

Collaborator

@polypixeldev polypixeldev left a comment


@reesericci reesericci merged commit 011e5e9 into main Jan 26, 2024
4 checks passed
@reesericci reesericci deleted the api branch January 26, 2024 03:42