Building out account linking at integrating with cli
augustuswm committed Oct 12, 2023
1 parent 7a9c77a commit a2e3aa6
Showing 35 changed files with 2,763 additions and 404 deletions.
35 changes: 23 additions & 12 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions Cargo.toml
Expand Up @@ -83,8 +83,8 @@ uuid = "1.2.2"
valuable = "0.1.0"
yup-oauth2 = "8.1.0"

# [patch."https://github.com/oxidecomputer/progenitor"]
# progenitor = { path = "../progenitor/progenitor" }
[patch."https://github.com/oxidecomputer/progenitor"]
progenitor = { path = "../progenitor/progenitor" }

# [patch."https://github.com/oxidecomputer/typify"]
# typify = { path = "../typify/typify" }
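Review bot: The `[patch."https://github.com/oxidecomputer/progenitor"]` section is left active here and points `progenitor` at `../progenitor/progenitor`, a path outside this repository. A build from a clean checkout, CI included, now needs a sibling progenitor checkout at exactly that relative path, and what gets compiled is whatever is in that directory rather than a pinned revision, so the build cannot be reproduced from this commit alone. If the CLI integration depends on unreleased progenitor changes, point the patch at the git repository with a fixed `rev` instead, and keep the path override commented out the way the typify one below it is.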
100 changes: 77 additions & 23 deletions README.md
Expand Up @@ -2,32 +2,86 @@

Work in progress replacement for RFD processing and programmatic access.

## TODO
## Granting access to external users

Add job state and locking
## RFD Model

### Revisions

## RFD Processing

### Triggers

### Periodic Schedule

## Authentication

Rough sketch of how users can authenticate to the RFD API
### Accounts and Providers

#### Supported Providers

GitHub -
Google -

### Account Linking

### OAuth2 Authorization Code

### OAuth2 Device Code

```
Browser Client RFD API Google
│ │ │ │
│ │ Request oauth config │ │
│ ├──────────────────────────►│ │
│ │◄──────────────────────────┤ │
│ │ Return with custom │ │
│ │ token endpoint │ │
│ │ │ │
│ │ Device authz request │ │
│ ├───────────────────────────┼────────────────────────────►│
│ Authenticate with │◄──────────────────────────┼─────────────────────────────┤
│ Google and enter │ Return device_code, │ │
│ user_code │ user_code, etc │ │
│◄───────────────────┤ │ │
│ │ │ │
│ │ Poll token endpoint │ │
│ ├──────────────────────────►│ │
│ │ device_code │ Proxied token call │
│ │ . ├────────────────────────────►│
│ │ . │◄────────────────────────────┤
│ │ . │ Return access token │
│ │◄──────────────────────────┤ │
│ │ Failure response: │ │
│ │ Authn not complete │ │
├───────────────────►│ │ │
│ Complete authn │ Poll token endpoint │ │
│ ├──────────────────────────►│ │
│ │ device_code │ Proxied token call │
│ │ ├────────────────────────────►│
│ │ │◄────────────────────────────┤
│ │ │ Return access token │
│ │◄──────────────────────────┤ │
│ │ Use access token to │ │
│ │ fetch user info and │ │
│ │ perform authn based │ │
│ │ on verified emails │ │
│ │ into the RFD API. │ │
│ │ Return RFD API token │ │
│ │ │ │
│ │ │ │
```
┌─────────┐ ┌─────────┐
│ Google │ │ GitHub │
└────┬────┘ └──┬───┬──┘
│ ┌───────┘ └───────────┐
┌─────────┴─────────┐ ┌─────────┴─────────┐ ┌───────────┴───────────┐
│ OIDC Access Token │ │ App Access Token │ │ Personal Access Token │
└─────────┬─────────┘ └─────────┬─────────┘ └───────────┬───────────┘
│ │ │
┌─────────┴─────────┐ ┌───┴───────────────────────┴───┐
│ /login/jwt/google │ │ /login/access-token/github │
└─────────┬─────────┘ └───────────────┬───────────────┘
└─────────────┐ ┌───────────────┘
┌─────────┴───┴─────────┐
│ Create/Fetch API User │
└───────────┬───────────┘
┌────────────┴────────────┐
│ Create New Access Token │
└─────────────────────────┘
```

## Authorization

### Permissions

### Groups

### Mappers

#### Supported Mappers

Email Address -
Email Domain -
GitHub Username -
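Review bot: "### Account Linking" in the README is an empty heading, as are "### Accounts and Providers", "### OAuth2 Authorization Code" and the subsections under "## Authorization", and the provider and mapper lists stop at "GitHub -", "Google -" and "Email Address -" with no description. Account linking is the part of this change with the most security weight, because it decides when two provider identities resolve to the same API user, so the rule should be written down before this lands. The device code diagram already says authn is performed "based on verified emails"; the README should state whether linking relies on the same verified-email check, what happens when a provider returns an address that is not verified, and how each mapper (email address, email domain, GitHub username) turns a provider identity into permissions or group membership.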