Discuss status API server readiness for user authentication #627
Comments
snkaupe
added
question
|
The API server does not, per definition, include any kind of user authentication. See:
Ref: scs-0402-v1-status-page-openapi-spec-decision.md This is realized by using Dex IdP and Oathkeeper in SovereignCloudStack/status-page-deployment. Dex performs OAuth2 with GitHub and supplies an OIDC endpoint. Oathkeeper secures the API server, by validating the JWT received by Dex and applying rule bases access controll. Dex requires the frontend to perform an OIDC Auth, like Auth Code Flow. This can be either done manually. See: SovereignCloudStack/status-page-deployment/docs/usage.md#receive-auth-code Or in the case of the Angular frontend with an client like damienbod/angular-auth-oidc-client. |
|
So, in order to develop and test the login functionality, it will no longer be sufficient to simply start the API server and Angular web application, but instead, we'll need to use the deployment scripts in some kind of environment like |
|
This can be tested against the local Please refer to the documentation of your desired environment and SovereignCloudStack/status-page-deployment/docs/configuration.md. I would recommend the k3s test deployment, as it is not used for anything else and can easily discarded. If you want direct cluster access to flush and redeploy, I can set up access for you. |
@joshuai96 mentioned the status API server supporting user authentication. We will need to discuss the details on this and if there are any changes necessary to enable us to implement GitHub as an identity provider.
Definition of Done
The text was updated successfully, but these errors were encountered: