Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IAM 597 #39

Draft
wants to merge 18 commits into
base: main
Choose a base branch
from
Draft

IAM 597 #39

wants to merge 18 commits into from

Conversation

shipperizer
Copy link
Contributor

@shipperizer shipperizer commented Dec 5, 2023
edited
Loading

  • feat: update git source and snaps to use hydra device flow feature
  • feat: add device flow test application
  • ci: add deployment for test app
  • ci: create helm deployments for hydra ecosystem
  • ci: skaffold setup for local testing
  • feat: add kratos to the game
  • feat: introduce login ui
  • feat: introduce cert-manager and contour
  • ci: add Makefile for steps automation
  • feat: hook up login-ui from device-flow branch

##################################

To give it a shot:

  • swap lxd main port to 8444 (or other) sudo lxc config set core.https_address :8444 && sudo snap restart lxd
  • get proper provider credentials (eg microsoft) and swap them in hack/helm/kratos.yaml
  • run dev Makefile target with make dev
  • follow what shows up in the logs

image
image
image

@shipperizer shipperizer added enhancement New feature or request nomerge DO NOT MERGE labels Dec 6, 2023
@shipperizer shipperizer self-assigned this Dec 6, 2023
@nsklikas nsklikas force-pushed the IAM-597 branch 2 times, most recently from 179654d to 4e82701 Compare March 29, 2024 10:27
@nsklikas nsklikas mentioned this pull request Mar 29, 2024
Merged
nsklikas
nsklikas reviewed Mar 29, 2024
View reviewed changes
hack/flow-test/main.go
AuthURL: specs.AuthURL,
TokenURL: specs.TokenURL,
DeviceAuthURL: specs.DeviceAuthURL,
AuthStyle: oauth2.AuthStyleInHeader,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is needed because otherwise the go client will try to hit the token endpoint again when it gets an authorization_pending response. The reason for this is that if no client authn method is specified, the client will try to hit the token endpoint with another auth method if it gets a token endpoint error. The problem is that it does not parse the error code to validate that the error was caused by a client_authn_failed.

@shipperizer shipperizer force-pushed the IAM-597 branch 2 times, most recently from 583dceb to f0fb12f Compare April 5, 2024 09:22
shipperizer and others added 11 commits April 5, 2024 16:22
@shipperizer
ci: skaffold setup for local testing
fbcab22
@shipperizer
feat: add kratos to the game
75fdf2f
@shipperizer
feat: introduce login ui
80c59ed
@shipperizer
feat: introduce cert-manager and contour
3330d9b
@shipperizer
ci: add Makefile for steps automation
5575dea
@shipperizer
feat: hook up login-ui from device-flow branch
1009ec5
@shipperizer
feat: add github as provider
cc538bf
@nsklikas @shipperizer
refactor: Clean up
da5c329 
This commit includes a bunch of changes:
- Specify 8443 port
- Automatically create the Hydra client if no client_id is provided
- Do not start server in go code
- Clean up messages
- Set log level for login UI to info
@nsklikas @shipperizer
fix: update config
c73a8a9 
- Point to canonical hydra repo
- Pin contour version
@nsklikas @shipperizer
fix: Specify client authn method
5e7b1ce 
This is needed because if the method is not specified, the go client
will try to hit the token endpoint again, but with a different client
authn method if the first one fails. The problem is that the go client
does not try to parse the error it got from the provider, which in the
device flow most of the time will be authorization_pending.
@nsklikas @shipperizer
fix: WIP build hydra from branch
43943f3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nsklikas nsklikas nsklikas left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@shipperizer shipperizer

Labels
enhancement New feature or request nomerge DO NOT MERGE
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@shipperizer @nsklikas