particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

auth: OpenID/OAUth2 middleware

Browse source 
2 configurations for the listeners are now possible:
- enableJWT=false with client ssl auth
- enableJWT=true with https

Actual verification of the tokens is handled by
https://github.com/openshift-online/ocm-sdk-go.

An authentication handler is run as the top level handler, before any
routing is done. Routes which do not require authentication should be
listed as exceptions.

Authentication can be restricted using an ACL file which allows
filtering based on JWT claims. For more information see the inline
comments in ocm-sdk/authentication.

As an added quirk the `-v` flag for the osbuild-composer executable was
changed to `-verbose` to avoid flag collision with glog which declares
the `-v` flag in the package `init()` function. The ocm-sdk depends on
glog and pulls it in.
This commit is contained in:
sanne 2021-08-05 16:56:10 +02:00 committed by Tom Gundersen
parent 58613788bc
commit 4a057bf3d5
192 changed files with 25042 additions and 110 deletions
Download patch file Download diff file Expand all files Collapse all files

4
internal/worker/client.go
View file

@ -66,10 +66,6 @@ func NewClient(baseURL string, conf *tls.Config, offlineToken, oAuthURL *string)
panic(err)
}
if conf != nil && offlineToken != nil {
return nil, fmt.Errorf("error creating client, both tls and oauth are enabled")
}
requester := &http.Client{}
if conf != nil {
requester.Transport = &http.Transport{