README.md,HACKING.md: update for SSO/OAuth2

Add documentation on how to properly configure and use OAuth2.
Christian Kellner 2022-02-02 15:25:49 +00:00 committed by Achilleas Koutsou
parent c1a887a9a9
commit c56bcba78c
2 changed files with 28 additions and 0 deletions


@ -62,6 +62,19 @@ build via the koji XML RPC.
sudo test/copy-creds.sh sudo test/copy-creds.sh
``` ```
### Run the mock OpenID server
The koji builder plugin needs to be authorized in order to be able
to start a compose via Composer. The default authentication scheme
is `OAuth2`. For testing purposes we can use the mock OpenID server
that is included in the `osbuild-composer-tests` package. A helper
script is included to start and stop the server with the correct
parameters.
```sh
sudo test/run-openid.sh start
```
### Run the koji builder ### Run the koji builder
Run the koji builder instance can be started. Here `fg` means that Run the koji builder instance can be started. Here `fg` means that
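
Review bot: The new "Run the mock OpenID server" section says the helper script is there "to start and stop the server", but only `sudo test/run-openid.sh start` is shown; add the matching stop invocation so a mock identity provider is not left running on a development host after testing. It would also help to state which address the mock server listens on, so readers can match it to the `token_url` they configure for the plugin, and to say explicitly in this section that the server is meant for test setups only.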


@ -65,6 +65,21 @@ ssl_cert = /share/worker-crt.pem, /share/worker-key.pem
# directory containing certificates of trusted CAs. # directory containing certificates of trusted CAs.
ssl_verify = /share/worker-ca.pem ssl_verify = /share/worker-ca.pem
[composer:oauth]
# Authorization via OAuth2/SSO, as alternative to client side certs.
# The "Client Credentials Grant" (RFC 6749 section 4.4) flow is used,
# which requires the client id and secret to be specified as well as
# the endpoint of where to obtain tokens.
# String that uniquely identifies the client (RFC 6749, 2.2).
client_id = koji
# Secret corresponding to the client id.
client_secret = koji
# URL to the endpoint that will provide the token.
token_url = https://localhost:8081/token
[koji] [koji]
# The URL to the koji hub XML-RPC endpoint # The URL to the koji hub XML-RPC endpoint
server = https://koji.fedoraproject.org/kojihub server = https://koji.fedoraproject.org/kojihub
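
Review bot: In the new `[composer:oauth]` example, `client_secret = koji` repeats the client id as the secret, and example values like this tend to be copied into real deployments; use an obvious placeholder and add a comment that the secret must be replaced and the config file kept under restricted permissions. The comment also describes OAuth2 "as alternative to client side certs", but the section sits directly below `ssl_cert` and `ssl_verify` without saying what happens when both are configured, or whether `ssl_verify` also governs the TLS connection to `token_url`. Documenting both points would help readers avoid a setup where the token endpoint is contacted without CA verification.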