Bonjour,
Assuming the representation of a software project as a whole is stored in the repository (in a dedicated branch for data other than the code), the fedeproxy server needs to store, for each user:
- the authentication token it needs to act on their behalf on each forge
- the list of software project URLs that are to be federated because they are the same software project
First run
- The user provides two URLs to fedeproxy (for instance https://github.com/ceph/ceph and https://mygitlab.org/user/ceph)
- Fedeproxy stores in its database that https://github.com/ceph/ceph and https://mygitlab.org/user/ceph are federated
- Fedeproxy uses OAuth2 to obtain a token to act on behalf of the user on both GitHub and mygitlab and stores them in its database
- Fedeproxy collects an email via OAuth2 so that it can send a reminder before the token expires; otherwise the user can’t know that they need to renew it (same as LE expiration, except it cannot be automated)
- Fedeproxy stores in its database that https://github.com/mygithubuser and https://mygitlab.org/mygitlabuser, as authenticated by OAuth2, are the same user
Reboot
- The database is reloaded, no action is required from the user
An OAuth2 token is about to expire
- An email is sent to the user who was authenticated
- Fedeproxy uses OAuth2 to obtain a token to act on behalf of the user for the forge that needs it
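
The database contents described above, as an added example that is not fedeproxy's own code: the SQLite schema, the table and function names, and the sample email and token values used with it are assumptions made for illustration. It covers the first run, the reload after a reboot (the schema is only created if missing) and the lookup of tokens that are about to expire.

```python
import sqlite3

# Assumed schema: the post names what is stored, not how it is laid out.
SCHEMA = """
CREATE TABLE IF NOT EXISTS federated_project (
    group_id INTEGER NOT NULL,      -- URLs sharing an id are the same project
    url      TEXT PRIMARY KEY
);
CREATE TABLE IF NOT EXISTS forge_account (
    person_id   INTEGER NOT NULL,   -- accounts sharing an id are the same user
    profile_url TEXT PRIMARY KEY,
    email       TEXT NOT NULL,      -- collected via OAuth2, used for reminders
    token       TEXT NOT NULL,      -- bearer credential: whoever reads it can act as the user
    expires_at  INTEGER NOT NULL    -- Unix time, UTC
);
"""

def open_store(path=":memory:"):
    """Open the database; after a reboot the existing rows are simply reused."""
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def first_run(db, group_id, project_urls, person_id, accounts):
    """Record the federated URLs and the OAuth2 results in one transaction.
    accounts: iterable of (profile_url, email, token, expires_at)."""
    with db:
        db.executemany("INSERT INTO federated_project VALUES (?, ?)",
                       [(group_id, url) for url in project_urls])
        db.executemany("INSERT INTO forge_account VALUES (?, ?, ?, ?, ?)",
                       [(person_id, *acct) for acct in accounts])

def federated_with(db, url):
    """Other project URLs recorded as the same software project as url."""
    rows = db.execute(
        "SELECT url FROM federated_project WHERE url != ? AND group_id = "
        "(SELECT group_id FROM federated_project WHERE url = ?)", (url, url))
    return sorted(row[0] for row in rows)

def same_user(db, profile_a, profile_b):
    """True only if both profiles are known and share one person_id."""
    known, persons = db.execute(
        "SELECT COUNT(*), COUNT(DISTINCT person_id) FROM forge_account "
        "WHERE profile_url IN (?, ?)", (profile_a, profile_b)).fetchone()
    return profile_a != profile_b and known == 2 and persons == 1

def reminders_due(db, now, lead_seconds):
    """(email, profile_url) for every token expiring within lead_seconds of now."""
    rows = db.execute(
        "SELECT email, profile_url FROM forge_account WHERE expires_at <= ? "
        "ORDER BY expires_at", (now + lead_seconds,))
    return rows.fetchall()
```

Only the forge whose token is due appears in `reminders_due`, which matches the last step: the user renews for the forge that needs it, not for all of them.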