Skip to content

feat: add azure oidc PKI auth instead of client secret #9054

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 15 commits into from
Aug 14, 2023
Merged

feat: add azure oidc PKI auth instead of client secret #9054

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
8ba23b1
feat: add azure oidc PKI auth instead of client secret
Emyrk Aug 11, 2023
c62e548
add client cert and key as deployment options
Emyrk Aug 11, 2023
664895f
add unit test
Emyrk Aug 11, 2023
74f9245
fixup! add unit test
Emyrk Aug 11, 2023
ce39f2d
Refactor code into a method
Emyrk Aug 11, 2023
7346fbf
Custom token refresher to handle pki auth
Emyrk Aug 11, 2023
9c73346
Add unit test for mock e2e
Emyrk Aug 11, 2023
15db163
Add comments
Emyrk Aug 14, 2023
801799f
add little comment about constant 5min
Emyrk Aug 14, 2023
6914619
Fix typo
Emyrk Aug 14, 2023
e6c0a57
Merge remote-tracking branch 'origin/main' into stevenmasley/pki_auth…
Emyrk Aug 14, 2023
cb98e18
update golden files
Emyrk Aug 14, 2023
1479644
Test linting
Emyrk Aug 14, 2023
0f508f5
Add yaml config options
Emyrk Aug 14, 2023
189007f
make gen again...
Emyrk Aug 14, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Add yaml config options
  • Loading branch information
@Emyrk
Emyrk committed Aug 14, 2023
commit 0f508f542b67e77514e5f5e6fbdc3379753e839f
1 change: 1 addition & 0 deletions coderd/oauthpki/okidcpki_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,7 @@ func TestAzureADPKIOIDC(t *testing.T) {
PemEncodedKey: []byte(testClientKey),
PemEncodedCert: []byte(testClientCert),
Config: oauthCfg,
Scopes: []string{"openid", "email", "profile"},
})
require.NoError(t, err, "failed to create pki config")

Expand Down
2 changes: 2 additions & 0 deletions codersdk/deployment.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -977,6 +977,7 @@ when required by your organization's security policy.`,
"This can be used instead of oidc-client-secret if your IDP supports it.",
Flag: "oidc-client-key-file",
Env: "CODER_OIDC_CLIENT_KEY_FILE",
YAML: "oidcClientKeyFile",
Value: &c.OIDC.ClientKeyFile,
Group: &deploymentGroupOIDC,
},
Expand All @@ -986,6 +987,7 @@ when required by your organization's security policy.`,
"The public certificate that accompanies oidc-client-key-file. A standard x509 certificate is expected.",
Flag: "oidc-client-cert-file",
Env: "CODER_OIDC_CLIENT_CERT_FILE",
YAML: "oidcClientCertFile",
Value: &c.OIDC.ClientCertFile,
Group: &deploymentGroupOIDC,
},
Expand Down