OIDC Authentication Support #495

Open
wants to merge 2 commits into
base: dev

davidcorrigan714

  • All tests passed. If this feature is not already covered by the tests, I added new tests.
  • This pull request is on the dev branch.
  • I used npm run format for formatting the code before submitting the pull request.

This adds OIDC Authentication support, allowing passwordless authentication between Azure DevOps Service and the JFrog Platform. It's the Azure DevOps equivalent of the GitHub Actions OIDC integration workflow. Essentially, in JFrog an OIDC provider is configured for each Azure DevOps organization that needs to authenticate, and an identity mapping in that OIDC provider is created for each service connection that authenticates into the JFrog Platform. The Azure DevOps integration isn't quite as user-friendly to configure; the details for the configuration are currently printed in the task logs, but if a good how-to document was created then users could refer to that for the values.

I have tested this against a few JFrog tasks but not all of them. I'm not sure if there's a good way to add automated tests for these changes but I'm working on setting up a pipeline to run all the tasks with both OIDC and tokens to make sure it's all working and I didn't miss an async or await somewhere.

Related Issue: #494
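
Added example, not part of the pull request or of either comment: a sketch of how the configuration values mentioned above (one provider per organization, one identity mapping per service connection) can be read from an OIDC token's claims and logged without logging the token itself. The function names, the claim values, the `sc://` subject shape and the exact-equality matching rule are all assumptions made for illustration.

```javascript
// Added example; every value here is constructed and the claim shapes are assumptions.

// Decode a JWT payload WITHOUT verifying it. Diagnostics only: the platform that
// receives the token is what must validate its signature, issuer and expiry.
function decodeClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  let claims;
  try {
    claims = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch {
    throw new Error('JWT payload is not valid JSON');
  }
  if (claims === null || typeof claims !== 'object' || Array.isArray(claims)) {
    throw new Error('JWT payload is not a JSON object');
  }
  return claims;
}

// Values an administrator would copy into the provider (issuer, audience) and
// into the identity mapping (subject). Only claims are returned, never the token.
function configHints(claims) {
  return { providerUrl: claims.iss, audience: claims.aud, mappingClaims: { sub: claims.sub } };
}

// Hypothetical matching rule: every claim the mapping lists must be present with
// an equal value. An empty mapping matches nothing rather than everything.
function mappingMatches(mappingClaims, claims) {
  const keys = Object.keys(mappingClaims);
  return keys.length > 0 && keys.every((k) => claims[k] === mappingClaims[k]);
}

// Build a constructed, unsigned sample token so the example runs offline.
function makeSampleJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc(claims)}.constructed-signature`;
}

const sample = makeSampleJwt({
  iss: 'https://issuer.example/org-0000',
  sub: 'sc://example-org/example-project/jfrog-connection',
  aud: 'example-audience',
});
// Log the hints only; the raw token is a bearer credential and stays out of the logs.
console.log(JSON.stringify(configHints(decodeClaims(sample)), null, 2));
```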

@yahavi
Member

yahavi commented May 13, 2024

@davidcorrigan714
Appreciate your contribution!

Before delving into the code, I've noticed that adding new dependencies has inflated the extension size to 40MB. This increase could potentially trigger errors, as illustrated here: microsoft/azure-devops-extension-tasks#165. Consequently, older TFS agents are unable to install the extension. To create and gauge the extension size, run npm install followed by npm run create.

Would it be feasible to transition to using the REST API for token exchange directly and remove the newly added dependencies? Additionally, updating the task versions isn't necessary; we handle that during the release phase.

Once the extension size stabilizes, we'll proceed to review your code.

One additional point - I couldn't locate any guidance on how to use this feature. Could you provide more details on its usage and document it in the README?

Thanks once again.

2 participants