Support for offline tokens #2468
Added a few comments mostly around keeping the way we read/set flags consistent with the rest of the CLI commands.
IMO if we're going to expose offline tokens to external users we need to show them how to revoke the tokens.
In theory it's possible now through the keycloak account management, but we don't direct users there.
Long: `The minder auth offline-token get command project lets you retrieve an offline token | ||
for the minder control plane. | ||
|
||
Offline tokens are used to authenticate to the minder control plane without |
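Review bot: In the Long help text, "offline-token get command project lets you retrieve" has a stray "project" between "command" and "lets"; suggest "The minder auth offline-token get command lets you retrieve an offline token".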
I'm wondering if this should say "to the minder CLI", since the tokens are scoped to the CLI client. In theory tokens generated by different clients can have different characteristics, although in our current implementation they don't.
I agree. And Keycloak has a token revocation endpoint we could use, want me to include that as part of this PR? Was thinking of adding a
Yeah I think it should be part of this PR so we don't accidentally release a CLI version without the revocation option
@eleftherias sounds good! I'll work on that tomorrow.
Signed-off-by: Juan Antonio Osorio <ozz@stacklok.com>
Just rebased
Signed-off-by: Juan Antonio Osorio <ozz@stacklok.com>
Summary
This adds new sub-commands to `minder auth` which enable the usage and installation of offline tokens. These tokens enable you to create long-lived credentials which are handy for CI and automation cases.
Co-Authored-By: Eleftheria Stein-Kousathana <eleftheria@stacklok.com>
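
The revocation request discussed in the thread, as an added example that is not code from this PR or from minder: a minimal RFC 7009 revocation client in Go for an offline (refresh) token. The endpoint URL, `CLIENT_ID` and the token value are placeholders, and a public client (no client secret) is assumed; Keycloak serves this endpoint under `/realms/<realm>/protocol/openid-connect/revoke`.

```go
package main

import (
	"context"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// RevokeOfflineToken sends an RFC 7009 revocation request for an offline
// (refresh) token. revokeURL and clientID are supplied by the caller.
func RevokeOfflineToken(ctx context.Context, hc *http.Client, revokeURL, clientID, token string) error {
	form := url.Values{
		"client_id":       {clientID}, // assumption: public client, no secret sent
		"token":           {token},
		"token_type_hint": {"refresh_token"},
	}
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, revokeURL, strings.NewReader(form.Encode()))
	if err != nil {
		return err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	resp, err := hc.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	// RFC 7009: 200 covers both "revoked" and "token was already invalid".
	if resp.StatusCode != http.StatusOK {
		body, _ := io.ReadAll(io.LimitReader(resp.Body, 512))
		return fmt.Errorf("revocation failed: %s: %s", resp.Status, strings.TrimSpace(string(body)))
	}
	return nil
}

func main() {
	// Local stand-in server so this runs offline; client ID and token are constructed.
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.PostFormValue("token_type_hint") != "refresh_token" {
			http.Error(w, "bad request", http.StatusBadRequest)
		}
	}))
	defer srv.Close()
	err := RevokeOfflineToken(context.Background(), srv.Client(), srv.URL, "CLIENT_ID", "constructed-token")
	fmt.Println("revoked:", err == nil)
}
```

Any non-200 response is returned as an error so a CI job that rotates credentials fails loudly rather than assuming the old token is dead.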