IAM-224-Oauth interface implementation #278
5c28065 to 9c3f993
I think that the `oauth_tools.constants.OAUTH_RELATION` var should be removed. It is used in too many places and I find it confusing.
Also not sure if all of the helper functions make much sense, e.g. I would expect `access_application_login_page` to simply navigate me to a page, but it also expects a redirect to happen. This seems too specific to this use case and I am not sure if we need to abstract it.
refactor: refactors made on comments on pr canonical#278
fe4458f to 2c24f25
feat: added settings for enabling refresh tokens refactor: refactors made on comments on pr canonical#278
e4e77f2 to c43b0be
Overall LGTM, only some minor comments.
273027e to f537bf3
5d59ee0 to fdef95c
feat: added settings for enabling refresh tokens refactor: refactors made on comments on pr canonical#278
45e9af1 to 9a9be8b
38fa097 to 6eef76b
pass oauth config as env variables fix mypy issue address review comments
send new client config to oauth relation on config_changed event address review comments fix lint
fix pyright check error fix relation-broken event, change oauth provider name fix integration tests fix rebase issue
fix: rebase conflict
fix: rebase correction
feat: added settings for enabling refresh tokens refactor: refactors made on comments on pr canonical#278
The ca certs were updated after the services restarted
This reverts commit b636947.
6eef76b to 1d047b3
1d047b3 to 24283e1
couple of minor recommendations/clarification requests from my side, rest looks good.
Just for reference:
```mermaid
graph LR
    hydra ---|pg-database:database| postgresql-k8s
    kratos ---|pg-database:database| postgresql-k8s
    kratos ---|endpoint-info| hydra
    kratos-external-idp-integrator ---|kratos-external-idp| kratos
    hydra ---|admin-ingress:ingress| traefik-admin
    hydra ---|public-ingress:ingress| traefik-public
    kratos ---|admin-ingress:ingress| traefik-admin
    kratos ---|public-ingress:ingress| traefik-public
    identity-platform-login-ui-operator ---|ingress| traefik-public
    identity-platform-login-ui-operator ---|endpoint-info| hydra
    identity-platform-login-ui-operator ---|ui-endpoint-info| hydra
    identity-platform-login-ui-operator ---|ui-endpoint-info| kratos
    identity-platform-login-ui-operator ---|kratos-endpoint-info| kratos
    identity-platform-admin-ui-operator --- oathkeeper
    identity-platform-admin-ui-operator --- hydra
    identity-platform-admin-ui-operator --- kratos
    openfga --- postgresql-k8s
    openfga --- identity-platform-admin-ui-operator
    openfga --- identity-platform-login-ui-operator
```
Issue
Grafana is OAuth 2.0 capable, but the charm currently can't use the Identity Platform's oauth interface.
Solution
This PR implements integration with the oauth interface, and includes unit and integration tests to verify correct behavior.
Context
Relevant projects are:
playwright
Identity bundle
Hydra charm
Testing Instructions
Use tox for both unit and integration tests.
Release Notes