action #67576
closed[spike:20h] github as authentication provider
0%
Description
Motivation¶
We only support "OpenID" and "Fake" authentication so far. In #66703 we can see the problem with the high reliance on OpenID. In multiple places we are happy users of what github provides. We should research how feasible it is to support github as authentication provider, same as many other services do.
Updated by livdywan over 4 years ago
- Status changed from Workable to In Progress
- Assignee set to livdywan
- Target version changed from Ready to Current Sprint
Updated by livdywan over 4 years ago
- OAuth 2.0 which GitHub supports is pretty straightforward. Request a token via GET, get a temporary code and turn that into an access token.
- An application has to be registered. The domain has to match or the login will fail.
- Getting user details like nickname/fullname/email requires gitHub-specific API, although that's just one more GET.
- Mojolicious::Plugin::OAuth2 looks to make OAuth 2.0 easy to implement. Bonus points for supporting various other services by design.
- We could get the
gravataravatar and use it - this would be a new feature.
My proof of concept actually turned into a working implementation pretty quickly.
On a side note, we could hypothetically use GitHub credentails for needle editing. Although I didn't explore this further.
Updated by okurz over 4 years ago
- We could get the gravatar and use it - this would be a new feature.
We already support gravatar. Isn't that only based on the email?
Updated by livdywan over 4 years ago
okurz wrote:
- We could get the gravatar and use it - this would be a new feature.
We already support gravatar. Isn't that only based on the email?
Sorry, I actually meant avatar there. The email is optional if the user chooses to hide it. So using the provided avatar would work better in that case.
Updated by livdywan over 4 years ago
Note: @tinita was so kind to me help out by preparing a package for the OAuth 2.0 plugin: https://build.opensuse.org/request/show/811723
Updated by tinita over 4 years ago
The request for Factory is here: https://build.opensuse.org/request/show/811785 (still in review)
Updated by okurz over 4 years ago
https://build.opensuse.org/request/show/811785 is accepted. PR has has at least still one open unresolved comment https://github.com/os-autoinst/openQA/pull/3150#discussion_r439386640
Updated by livdywan over 4 years ago
- Status changed from In Progress to Feedback
https://github.com/os-autoinst/openQA/pull/3150
The Feedback here is not going to be observed in production instances, as we don't plan to enable it for now. Although we might see some on other instances so I'll use the status like usual.
Btw docs are/will be here soon http://open.qa/docs/#authentication
Updated by okurz over 4 years ago
- Status changed from Feedback to Resolved
@cdywan you provided a minor fix with https://github.com/os-autoinst/openQA/pull/3258 which has been merged and is active. http://open.qa/docs/#authentication is updated and we do not need to verify this on our production instances so considered "Resolved"