New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Accessing OIDC tokens from Pulsar #15526
Labels
Comments
second option makes a lot of sense to me |
Agreed, @jmchilton do you have any reservations here ? |
SergeyYakubov
added a commit
to SergeyYakubov/galaxy
that referenced
this issue
Mar 27, 2023
SergeyYakubov
added a commit
to SergeyYakubov/pulsar
that referenced
this issue
Apr 10, 2023
allows to configure plugins for user authentication/authorization. Includes methods to authenticate based on OIDC token (see issue galaxyproject/galaxy#15526)
SergeyYakubov
added a commit
to SergeyYakubov/pulsar
that referenced
this issue
Apr 10, 2023
as job launch parameter so that it is sent to Pulsar from Galaxy. See corresponding PR (galaxyproject/galaxy#15300) and issue (galaxyproject/galaxy#15526) for Galaxy
SergeyYakubov
added a commit
to SergeyYakubov/pulsar
that referenced
this issue
Apr 10, 2023
Includes methods to authenticate based on OIDC token (see issue galaxyproject/galaxy#15526)
This was referenced Apr 10, 2023
SergeyYakubov
added a commit
to SergeyYakubov/pulsar
that referenced
this issue
May 3, 2023
as job launch parameter so that it is sent to Pulsar from Galaxy. See corresponding PR (galaxyproject/galaxy#15300) and issue (galaxyproject/galaxy#15526) for Galaxy
SergeyYakubov
added a commit
to SergeyYakubov/pulsar
that referenced
this issue
May 3, 2023
Includes methods to authenticate based on OIDC token (see issue galaxyproject/galaxy#15526)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Now that we have OIDC tokens available and refreshed in Galaxy (after PR #15300 is merged), we want to make them accessible in Pulsar so that we can use them to authenticate users and access resources on a remote machine.
The problem is that we cannot just send an ID token with job metadata since it might expire before it is needed. So, we've discussed this internally and see two options here:
We want to implement option 2, but we would like to discuss it here first.
The text was updated successfully, but these errors were encountered: