Merge pull request #20 from oxidecomputer/account-linking
Account linking
augustuswm authored Oct 12, 2023
2 parents e6ee372 + 1c88887 commit 66616c8
Showing 34 changed files with 2,827 additions and 392 deletions.
19 changes: 10 additions & 9 deletions Cargo.lock

100 changes: 77 additions & 23 deletions README.md
Expand Up @@ -2,32 +2,86 @@

Work in progress replacement for RFD processing and programmatic access.

## TODO
## Granting access to external users

Add job state and locking
## RFD Model

### Revisions

## RFD Processing

### Triggers

### Periodic Schedule

## Authentication

Rough sketch of how users can authenticate to the RFD API
### Accounts and Providers

#### Supported Providers

GitHub -
Google -

### Account Linking

### OAuth2 Authorization Code

### OAuth2 Device Code

```
Browser Client RFD API Google
│ │ │ │
│ │ Request oauth config │ │
│ ├──────────────────────────►│ │
│ │◄──────────────────────────┤ │
│ │ Return with custom │ │
│ │ token endpoint │ │
│ │ │ │
│ │ Device authz request │ │
│ ├───────────────────────────┼────────────────────────────►│
│ Authenticate with │◄──────────────────────────┼─────────────────────────────┤
│ Google and enter │ Return device_code, │ │
│ user_code │ user_code, etc │ │
│◄───────────────────┤ │ │
│ │ │ │
│ │ Poll token endpoint │ │
│ ├──────────────────────────►│ │
│ │ device_code │ Proxied token call │
│ │ . ├────────────────────────────►│
│ │ . │◄────────────────────────────┤
│ │ . │ Return access token │
│ │◄──────────────────────────┤ │
│ │ Failure response: │ │
│ │ Authn not complete │ │
├───────────────────►│ │ │
│ Complete authn │ Poll token endpoint │ │
│ ├──────────────────────────►│ │
│ │ device_code │ Proxied token call │
│ │ ├────────────────────────────►│
│ │ │◄────────────────────────────┤
│ │ │ Return access token │
│ │◄──────────────────────────┤ │
│ │ Use access token to │ │
│ │ fetch user info and │ │
│ │ perform authn based │ │
│ │ on verified emails │ │
│ │ into the RFD API. │ │
│ │ Return RFD API token │ │
│ │ │ │
│ │ │ │
```
┌─────────┐ ┌─────────┐
│ Google │ │ GitHub │
└────┬────┘ └──┬───┬──┘
│ ┌───────┘ └───────────┐
┌─────────┴─────────┐ ┌─────────┴─────────┐ ┌───────────┴───────────┐
│ OIDC Access Token │ │ App Access Token │ │ Personal Access Token │
└─────────┬─────────┘ └─────────┬─────────┘ └───────────┬───────────┘
│ │ │
┌─────────┴─────────┐ ┌───┴───────────────────────┴───┐
│ /login/jwt/google │ │ /login/access-token/github │
└─────────┬─────────┘ └───────────────┬───────────────┘
└─────────────┐ ┌───────────────┘
┌─────────┴───┴─────────┐
│ Create/Fetch API User │
└───────────┬───────────┘
┌────────────┴────────────┐
│ Create New Access Token │
└─────────────────────────┘
```

## Authorization

### Permissions

### Groups

### Mappers

#### Supported Mappers

Email Address -
Email Domain -
GitHub Username -
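
Review bot: The first poll in the OAuth2 Device Code diagram is inconsistent: Google's reply to the proxied token call is labelled "Return access token", yet the RFD API then answers the client with "Failure response: Authn not complete". The first Google response should be labelled as the pending error (`authorization_pending` in RFC 8628) so that only the second poll returns a token. Separately, "### Account Linking" and "### OAuth2 Authorization Code" are headings with no body, and the provider and mapper entries ("GitHub -", "Email Domain -") end in a dangling dash. Since this merge is the account-linking change, that section should at least say what ties two provider identities to one API user, and whether it relies on the same "verified emails" check the diagram mentions.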