)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"43b38ece04b7736e511cec6c6600c8c13d664f39","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"dacf58eb_85359fd8","updated":"2023-02-22 13:10:14.000000000","message":"Nice solution Arvid! I must try this out.\n\nI have actually just been looking at this flow myself, as a way not to loose MFA enforced by the IdP when using the CLI (i.e. an alternative to app creds when doing federation).\n\nI will try make time to try this out and post back about how it goes. Only got one minor nit pick around the message including the word Keycloak.","commit_id":"70d98a6a410a6513fac61f646f4662c94097a844"}],"keystoneauth1/identity/v3/oidc.py":[{"author":{"_account_id":7414,"name":"David Wilde","email":"dwilde@redhat.com","username":"d34dh0r53"},"change_message_id":"8f05499b8c633c0a1c2a24c69bda136490214bef","unresolved":true,"context_lines":[{"line_number":15,"context_line":"import warnings"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"import six"},{"line_number":18,"context_line":"from six.moves.urllib import parse as urlparse"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"from keystoneauth1 import _utils as utils"},{"line_number":21,"context_line":"from keystoneauth1 import access"}],"source_content_type":"text/x-python","patch_set":5,"id":"b1c1294b_bfb78404","line":18,"updated":"2023-02-21 14:39:51.000000000","message":"We are moving away from six as it\u0027s not needed in python3, just use urllib here.","commit_id":"70d98a6a410a6513fac61f646f4662c94097a844"},{"author":{"_account_id":35705,"name":"Arvid Requate","email":"requate@univention.de","username":"reqa"},"change_message_id":"e20178f4155d6bb77672d618ef746df5799efd60","unresolved":false,"context_lines":[{"line_number":15,"context_line":"import warnings"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"import six"},{"line_number":18,"context_line":"from six.moves.urllib import parse as urlparse"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"from keystoneauth1 import _utils as utils"},{"line_number":21,"context_line":"from keystoneauth1 import access"}],"source_content_type":"text/x-python","patch_set":5,"id":"ce77937e_de52a7fc","line":18,"in_reply_to":"b1c1294b_bfb78404","updated":"2023-02-28 11:05:48.000000000","message":"Done","commit_id":"70d98a6a410a6513fac61f646f4662c94097a844"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"43b38ece04b7736e511cec6c6600c8c13d664f39","unresolved":true,"context_lines":[{"line_number":579,"context_line":"                 \u0027device_code\u0027: self.device_code}"},{"line_number":580,"context_line":"        :type payload: dict"},{"line_number":581,"context_line":"        \"\"\""},{"line_number":582,"context_line":"        print(\"\\nPlease open %s to authenticate against Keycloak\\n\""},{"line_number":583,"context_line":"              % (self.verification_uri_complete,))"},{"line_number":584,"context_line":""},{"line_number":585,"context_line":"        client_auth \u003d (self.client_id, self.client_secret)"}],"source_content_type":"text/x-python","patch_set":5,"id":"fde5a72d_f138ced5","line":582,"range":{"start_line":582,"start_character":56,"end_line":582,"end_character":64},"updated":"2023-02-22 13:10:14.000000000","message":"Its a nit, but I think we should just say something like this:\nf\"To authenticate please go to: {self.verification_uri_complete}\"\n\nMostly as we don\u0027t know its keycloak, it could be any IdP that supports this flow, and its easier if the URL is at the end of the message, I think.","commit_id":"70d98a6a410a6513fac61f646f4662c94097a844"},{"author":{"_account_id":35705,"name":"Arvid Requate","email":"requate@univention.de","username":"reqa"},"change_message_id":"e20178f4155d6bb77672d618ef746df5799efd60","unresolved":false,"context_lines":[{"line_number":579,"context_line":"                 \u0027device_code\u0027: self.device_code}"},{"line_number":580,"context_line":"        :type payload: dict"},{"line_number":581,"context_line":"        \"\"\""},{"line_number":582,"context_line":"        print(\"\\nPlease open %s to authenticate against Keycloak\\n\""},{"line_number":583,"context_line":"              % (self.verification_uri_complete,))"},{"line_number":584,"context_line":""},{"line_number":585,"context_line":"        client_auth \u003d (self.client_id, self.client_secret)"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff361c54_b526998a","line":582,"range":{"start_line":582,"start_character":56,"end_line":582,"end_character":64},"in_reply_to":"fde5a72d_f138ced5","updated":"2023-02-28 11:05:48.000000000","message":"Done","commit_id":"70d98a6a410a6513fac61f646f4662c94097a844"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"eff37bbecfc1d931d3fdc6b4c29eec9a30f6096d","unresolved":true,"context_lines":[{"line_number":552,"context_line":"            self._get_device_authorization_endpoint(session)"},{"line_number":553,"context_line":"        op_response \u003d session.post(device_authz_endpoint,"},{"line_number":554,"context_line":"                                   requests_auth\u003dclient_auth,"},{"line_number":555,"context_line":"                                   data\u003d{},"},{"line_number":556,"context_line":"                                   authenticated\u003dFalse)"},{"line_number":557,"context_line":""},{"line_number":558,"context_line":"        self.expires_in \u003d int(op_response.json()[\"expires_in\"])"}],"source_content_type":"text/x-python","patch_set":7,"id":"3b399905_f239f3a0","line":555,"updated":"2023-03-08 16:45:49.000000000","message":"Sorry, took a while to get to test this. This fails for me (although I assume its fine with keycloak).\n\nThis failed with request not acceptable with the server I was testing. Then after fixing this to send (headers\u003dself.HEADER_X_FORM), it then wanted a scope, so I did this:\n\n``\n        op_response \u003d session.post(device_authz_endpoint,\n                                   requests_auth\u003dclient_auth,\n                                   headers\u003dself.HEADER_X_FORM,\n                                   data\u003d\"scope\u003dopenid\",\n                                   authenticated\u003dFalse)\n``\n\nI don\u0027t have a keycloak to test with, but that seems to better match the RFC:\nhttps://www.rfc-editor.org/rfc/rfc8628#section-3.1\n\nDo you think that would also work with keycloak?","commit_id":"44e5b2deef0a92c9d7d7e0a64643364d2ea0eee7"},{"author":{"_account_id":35705,"name":"Arvid Requate","email":"requate@univention.de","username":"reqa"},"change_message_id":"cacea47cbb2e332a6886e33e29a064faa0d6925e","unresolved":true,"context_lines":[{"line_number":552,"context_line":"            self._get_device_authorization_endpoint(session)"},{"line_number":553,"context_line":"        op_response \u003d session.post(device_authz_endpoint,"},{"line_number":554,"context_line":"                                   requests_auth\u003dclient_auth,"},{"line_number":555,"context_line":"                                   data\u003d{},"},{"line_number":556,"context_line":"                                   authenticated\u003dFalse)"},{"line_number":557,"context_line":""},{"line_number":558,"context_line":"        self.expires_in \u003d int(op_response.json()[\"expires_in\"])"}],"source_content_type":"text/x-python","patch_set":7,"id":"759b8c83_4bd73bae","line":555,"in_reply_to":"3b399905_f239f3a0","updated":"2023-03-08 18:24:42.000000000","message":"Good point, makes sense. How do I update this in opendev? Before it was merged I would simply have submitted an amended version of the commit, but I guess that\u0027s not a good idea now. I guess I could simply commit a new commit on top and submit it for review. But do I use the same Change-Id  ? And if I use a new one, will it opendev somehow recognize the connection to this discussion? Sorry for the newbie questions.","commit_id":"44e5b2deef0a92c9d7d7e0a64643364d2ea0eee7"},{"author":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"change_message_id":"32a0d981606934b436671f259c5c7bfcc67e7efe","unresolved":true,"context_lines":[{"line_number":552,"context_line":"            self._get_device_authorization_endpoint(session)"},{"line_number":553,"context_line":"        op_response \u003d session.post(device_authz_endpoint,"},{"line_number":554,"context_line":"                                   requests_auth\u003dclient_auth,"},{"line_number":555,"context_line":"                                   data\u003d{},"},{"line_number":556,"context_line":"                                   authenticated\u003dFalse)"},{"line_number":557,"context_line":""},{"line_number":558,"context_line":"        self.expires_in \u003d int(op_response.json()[\"expires_in\"])"}],"source_content_type":"text/x-python","patch_set":7,"id":"e3b297f7_03cd3399","line":555,"in_reply_to":"759b8c83_4bd73bae","updated":"2023-03-08 20:33:20.000000000","message":"Just create a new commit. The change id is unique to this commit, so you can\u0027t use that, gerrit will auto-generate a new one for you.\n\nYou can reference the hash of the commit ( 44e5b2deef0a92c9d7d7e0a64643364d2ea0eee7 ) in the new commit message.","commit_id":"44e5b2deef0a92c9d7d7e0a64643364d2ea0eee7"},{"author":{"_account_id":35705,"name":"Arvid Requate","email":"requate@univention.de","username":"reqa"},"change_message_id":"4d6dc2a7b8d661f8093aeddeab1ad9d5396f1173","unresolved":false,"context_lines":[{"line_number":552,"context_line":"            self._get_device_authorization_endpoint(session)"},{"line_number":553,"context_line":"        op_response \u003d session.post(device_authz_endpoint,"},{"line_number":554,"context_line":"                                   requests_auth\u003dclient_auth,"},{"line_number":555,"context_line":"                                   data\u003d{},"},{"line_number":556,"context_line":"                                   authenticated\u003dFalse)"},{"line_number":557,"context_line":""},{"line_number":558,"context_line":"        self.expires_in \u003d int(op_response.json()[\"expires_in\"])"}],"source_content_type":"text/x-python","patch_set":7,"id":"a182839e_fbebd0c1","line":555,"in_reply_to":"e3b297f7_03cd3399","updated":"2023-03-08 20:43:38.000000000","message":"Ok,submitted as https://review.opendev.org/c/openstack/keystoneauth/+/876893","commit_id":"44e5b2deef0a92c9d7d7e0a64643364d2ea0eee7"}]}