Skip to content

feat(auth): read the real operator identity and level from WhoAmI #47

Description

@Bugs5382

Summary

Turn the mock client-cert auth into a real one. In live/live-auth the AuthProvider calls the manager's WhoAmI and renders the verified operator (cn/serial/level); mock keeps the dev stub. Adds a denied state when no valid operator certificate is presented, and sends credentials on the fleet client so the browser presents its client cert.

Motivation

Slice A of productionize: the manager now serves mTLS client-cert auth and exposes WhoAmI (CryptOS-PKI/api#43, manager #17). The browser cannot read its own installed client cert, so the web reads the verified identity/level from the manager.

Scope

  • Operator gains level (viewer|operator|admin); AuthStatus gains denied.
  • AuthProvider calls fleetClient().whoAmI({}) in live/live-auth; keeps the 600ms stub in mock.
  • Auth gate renders a denied screen.
  • Fleet client transport sends credentials: include.
  • Refresh the vendored fleet_pb.ts from the merged api (adds the whoAmI client method).

Metadata

Metadata

Assignees

Labels

No labels
No labels

Fields

No fields configured for Feature.

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions