README.md,HACKING.md: update for SSO/OAuth2

Add documentation how to properly configure and use OAuth2.
2022-02-02 15:25:49 +00:00 · 2022-02-02 15:25:49 +00:00 · c56bcba78c
commit c56bcba78c
parent c1a887a9a9
2 changed files with 28 additions and 0 deletions
--- a/HACKING.md
+++ b/HACKING.md
@ -62,6 +62,19 @@ build via the koji XML RPC.
 sudo  test/copy-creds.sh
 ```

+### Run the mock OpenID server
+
+The koji builder plugin needs to be authorized in order to be able
+to start a compose via Composer. The default authentication scheme
+is `OAuth2`. For testing purposes we can use the mock OpenID server
+that is included in the `osbuild-composer-tests` package. A helper
+script is included to start and stop the server with the correct
+parameters.
+
+```sh
+sudo test/run-openid.sh start
+```
+
 ### Run the koji builder

 Run the koji builder instance can be started. Here `fg` means that
--- a/README.md
+++ b/README.md
@ -65,6 +65,21 @@ ssl_cert = /share/worker-crt.pem, /share/worker-key.pem
 # directory containing certificates of trusted CAs.
 ssl_verify = /share/worker-ca.pem

+[composer:oauth]
+# Authorization via OAuth2/SSO, as alternative to client side certs.
+# The "Client Credentials Grant" (RFC 6749 section 4.4) flow is used,
+# which requires the client id and secret to be specified as well as
+# the endpoint of where to obtain tokens.
+
+# String that uniquely identifies the client (RFC 6749, 2.2).
+client_id = koji
+
+# Secret corresponding to the client id.
+client_secret = koji
+
+# URL to the endpoint that will provide the token.
+token_url = https://localhost:8081/token
+
 [koji]
 # The URL to the koji hub XML-RPC endpoint
 server = https://koji.fedoraproject.org/kojihub