Enable Auth flow for User Account Creation #691

Closed
lukehinds opened this issue Aug 17, 2023 · 6 comments

@lukehinds
Contributor

Currently new users are created with the medic auth command. The assumption here is that a root admin will create the account on the user's behalf (or the user and the root user are the same person).

When we release our Baby SaaS / MVP, this will not work for folks external to stacklok.

We need a way for them to easily create an account using SSO / OAuth flows (login with Google/GitHub/Microsoft etc).

The flow will be to run medic, generate an auth_url and open that within a browser. Similar to the flow we use for enroll.

When we do this, we need to keep in mind that this feature will also be needed by the UI now that we have @davolokh on board who will be looking to build out our frontend. With the frontend, instead of a JWT being saved within a local file to the CLI, it will instead need to be a session cookie used by the browser.

@lukehinds
Contributor Author

@eryn-muetzel 👀

@lukehinds
Contributor Author

I should add, we could also have email signup (user creates their own account without an IdP acting for them).

@eryn-muetzel
Contributor

Thanks - this looks good. I'll add it as a user story to the epic once I have that in GitHub.

@yrobla yrobla added the priority: urgent Urgent request label Aug 22, 2023
@lukehinds
Contributor Author

Did this get mapped @eryn-muetzel? I am thinking this could be a good issue for @eleftherias who has exp with OAuth2 / social logins

Cc @jhrozek @JAORMX

@jhrozek
Contributor

jhrozek commented Sep 1, 2023

> Did this get mapped @eryn-muetzel? I am thinking this could be a good issue for @eleftherias who has exp with OAuth2 / social logins
>
> Cc @jhrozek @JAORMX

This should probably become an epic of its own with a design doc which we should help with rather than throwing @eleftherias into the deep end :-)

Dumping what we discussed on a call with @JAORMX and @rdimitrov a little while ago:

  • how do we represent the users who auth against an external IDP in our DB so that we can bind mediator specific RBAC to them
  • we should think about multitenancy (e.g. I auth with my GH account but I'm a member of "stacklok" and "Kubernetes" groups/projects with different privileges)
  • this might require rework on how we handle authnz, currently we just have a hardcoded map

@lukehinds lukehinds added epic large bodies of work that can be broken down into a number of smaller tasks and removed user-story labels Sep 13, 2023
@dussab dussab added this to the OSS MVP milestone Sep 18, 2023
@eleftherias eleftherias removed the epic large bodies of work that can be broken down into a number of smaller tasks label Sep 25, 2023
@eleftherias
Contributor

Turning this from an epic into an issue and adding it as a sub-task of Social Logins
