Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for issue a token from an IdentityProvider using OAuth2 or OpenIDConnect client_credential grant. #926

Closed
decko opened this issue Mar 18, 2024 · 1 comment · Fixed by #1013
Closed

Add support for issue a token from an IdentityProvider using OAuth2 or OpenIDConnect client_credential grant. #926

decko opened this issue Mar 18, 2024 · 1 comment · Fixed by #1013
Labels
feature request New feature request (template-set)

Comments

@decko
Copy link
Member

decko commented Mar 18, 2024

Summary

Using OAuth2 or OpenIDConnect client_credential grant, we can issue a token from an third party Identity Provider to be used to authenticate against Pulp or an API Gateway in front of it. This access_token would be sent as an Authorization header along the request to the Pulp instance.

Examples

As an example we could use:
pulp --client_id <client_id> --client_secret <client_secret> --token_url <https://identityprovider.com/oidc/token> status
to request pulp status.
@decko decko added feature request New feature request (template-set) Triage-Needed Needs to be reviewed at next pulp-cli mtg labels Mar 18, 2024
decko added a commit to decko/pulp-cli that referenced this issue Mar 18, 2024
@decko
Rename the ThirdPartyAuthProvider to OAuth2AuthProvider.
0738418 
Closes pulp#926
@mdellweg
Copy link
Member

Please have a look at container registries.
We do not want the user to know the url of the token server. The api (or api-gateway) must send the bearer server url along with a www-authenticate header, which in turn a subclass of requests.auth.AuthBase in pulp-cli shall use to issue a token. No need to add any new parameter for the user to bother.

@mdellweg mdellweg removed the Triage-Needed Needs to be reviewed at next pulp-cli mtg label Apr 10, 2024
decko added a commit to decko/pulp-cli that referenced this issue Jul 11, 2024
@decko
Add the initial support for issuing an access_token and use it as
58b63c3 
authentication method.

Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Jul 11, 2024
@decko
Add a CHANGE entry.
c769fd7 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Jul 11, 2024
@decko
Follow lint rules and remove debugger statement.
8ec3970 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Jul 22, 2024
@decko
Add the initial support for issuing an access_token and use it as
43ff8fc 
authentication method.

Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Jul 22, 2024
@decko
Add a CHANGE entry.
6e82267 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Jul 22, 2024
@decko
Follow lint rules and remove debugger statement.
f6939f7 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Jul 25, 2024
@decko
Support storing and retrieving a local token.
223fff0 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Jul 25, 2024
@decko
Moves the OAuth2Auth class to a proper place.
2d173fe 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Jul 26, 2024
@decko
Types and linting.
88d7682 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Aug 9, 2024
@decko
Add the initial support for issuing an access_token and use it as
5f8f558 
authentication method.

Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Aug 9, 2024
@decko
Add a CHANGE entry.
1fc2dc8 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Aug 9, 2024
@decko
Follow lint rules and remove debugger statement.
ee1e4a6 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Aug 9, 2024
@decko
Support storing and retrieving a local token.
ed6e4bf 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Aug 9, 2024
@decko
Moves the OAuth2Auth class to a proper place.
129b123 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Aug 9, 2024
@decko
Types and linting.
fe18239 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Aug 22, 2024
@decko
Add the initial support for issuing an access_token and use it as
b30d46d 
authentication method.

Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Aug 22, 2024
@decko
Add a CHANGE entry.
4ee64a4 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Aug 22, 2024
@decko
Follow lint rules and remove debugger statement.
b47403d 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Aug 22, 2024
@decko
Support storing and retrieving a local token.
abca899 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Aug 22, 2024
@decko
Moves the OAuth2Auth class to a proper place.
e6aeee1 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Aug 22, 2024
@decko
Types and linting.
8833ba5 
Closes pulp#926
decko added a commit to decko/pulp-cli that referenced this issue Aug 22, 2024
@decko
Add OAuth2 ClientCredentials grant flow support.
1404937 
Closes pulp#926
@decko decko mentioned this issue Aug 22, 2024
Merged
ggainey pushed a commit that referenced this issue Aug 22, 2024
@decko @ggainey
Add OAuth2 ClientCredentials grant flow support.
9c516bd 
Closes #926
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request New feature request (template-set)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add OAuth2 ClientCredentials flow support decko/pulp-cli
2 participants
@decko @mdellweg