Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow OAuth 2.0 Device Authorization Grant to authenticate #25

Closed
knikolla opened this issue Jan 19, 2024 · 0 comments · Fixed by #28
Closed

Allow OAuth 2.0 Device Authorization Grant to authenticate #25

knikolla opened this issue Jan 19, 2024 · 0 comments · Fixed by #28
Assignees
@knikolla @QuanMPhm

Comments

@knikolla
Copy link
Collaborator

knikolla commented Jan 19, 2024
edited
Loading

The script to register users currently requires a service account to authenticate with Keycloak, however Keycloak also supports OAuth 2.0 Device Authorization Grant. This is the flow in which the CLI generates a code and link, you open a browser and authenticate using that link, which gives you a token, and you insert that into the CLI. This is the flow that you authenticate to streaming services on your TV and the flow that OpenShift uses for CLI authentication.

If we support/document this flow, we can allow users to interact with the API through the CLI without requiring a Keycloak service account.

If we additionally support #11 we could allow PIs themselves to bulk add through the script.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@knikolla knikolla

@QuanMPhm QuanMPhm

Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@knikolla @QuanMPhm