Generic OIDC auth #195
Comments
Is OIDC not a different protocol from OAuth2?
Maybe not, I am not super familiar with the specifics. What might already work today is oauth2-proxy: https://oauth2-proxy.github.io/oauth2-proxy/
There is https://github.com/buildbot/buildbot/blob/331121358ba547a6d445de8760c5c8d359171cf8/master/buildbot/www/auth.py#L102 so a proxy could set a header value pointing to the user.
Question is, how do we handle permissions in this case? Treat all logged-in people as admins?
OIDC is a protocol built on top of OAuth2. It standardises how user information is retrieved once they are authenticated. E.g. some of buildbot's built-in authentication providers use standard OIDC claims such as
I put this under the future milestone as for this to really make sense, #176 needs to be in place. If there are any objections to this, let me know.
OAuth actually does indeed not look that complicated: https://git.lix.systems/lix-project/buildbot-nix/src/commit/45135d249b47f95846854e0145028b6f6e30dea1/buildbot_nix/__init__.py#L46
It would be nice to specify a generic OIDC login provider rather than GitHub or Gitea. For example, I use Dex.
This should be easy to implement Python-wise as both `GiteaAuth` and `GitHubAuth` are subclasses of `buildbot.www.oauth2.OAuth2Auth`.
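
An added sketch, not part of the thread and not buildbot or buildbot-nix code, of the two pieces a generic OIDC provider needs beyond a plain OAuth2 one: taking its endpoints from a validated discovery document, and mapping claims to user info so that permissions can follow groups rather than "logged in". Assumptions: the output keys `username`, `full_name`, `email` and `groups`, the non-standard `groups` claim (some providers, Dex among them, can emit it), and the sample issuer and claims, which are constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample data, not taken from a real provider.
DISCOVERY = json.loads("""{
  "issuer": "https://dex.example.org",
  "authorization_endpoint": "https://dex.example.org/auth",
  "token_endpoint": "https://dex.example.org/token",
  "userinfo_endpoint": "https://dex.example.org/userinfo"
}""")
USERINFO = {"sub": "constructed-subject-id", "preferred_username": "alice",
            "name": "Alice Example", "email": "alice@example.org",
            "email_verified": True, "groups": ["ci-admins"]}


def endpoints_from_discovery(doc, expected_issuer):
    """Validate a discovery document and return the three endpoints a provider needs."""
    # The issuer must match the configured one exactly, or the document is rejected.
    if doc.get("issuer") != expected_issuer:
        raise ValueError("issuer mismatch")
    endpoints = {}
    for key in ("authorization_endpoint", "token_endpoint", "userinfo_endpoint"):
        url = doc.get(key)
        if not isinstance(url, str) or urlsplit(url).scheme != "https":
            raise ValueError(f"{key} missing or not https")
        endpoints[key] = url
    return endpoints


def user_info_from_claims(claims):
    """Map OIDC claims to a user info dict (key names are assumed, see lead-in)."""
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise ValueError("userinfo response has no usable 'sub' claim")
    # Only pass on an e-mail address the provider marks as verified.
    email = claims.get("email") if claims.get("email_verified") is True else None
    # Groups drive authorization, so anything that is not a list of strings is dropped.
    groups = claims.get("groups")
    if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        groups = []
    return {
        "username": claims.get("preferred_username") or sub,
        "full_name": claims.get("name", ""),
        "email": email,
        "groups": groups,
    }
```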