Closed
Bug 1385363
Opened 7 years ago
Closed 7 years ago
Add a /user-credentials endpoint to login
Categories
(Taskcluster :: Services, enhancement)
Taskcluster
Services
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dustin, Assigned: dustin)
References
Details
This will accept a JWT signed by auth0, and produce corresponding TC credentials.
Assignee | ||
Comment 1•7 years ago
|
||
https://github.com/taskcluster/taskcluster-login/pull/50
Assignee | ||
Comment 2•7 years ago
|
||
:kang, can you please review the PR in comment 1 to ensure it's sensible and not missing any verification steps? If so, we'll want to add management API scopes to PROD clientId 1db5KNoLN5rLZukvLouWwVouPkbztyso and also add a new API to PROD with audience https://login.taskcluster.net, then get the PR deployed. This will support Eli's work on a demo client and position us to start using the new profiles once they're rolled out. Thanks!
Flags: needinfo?(gdestuynder)
Comment 3•7 years ago
|
||
Commits pushed to master at https://github.com/taskcluster/taskcluster-login https://github.com/taskcluster/taskcluster-login/commit/82c61353b3539ff2a6c9d183f0b86d81b51309c1 Bug 1385363 - Introduce handlers for OIDC access_tokens https://github.com/taskcluster/taskcluster-login/commit/8ee22d8951c3c3f830048e7d15f91cc0ed469a18 Bug 1385363 - Support converting an auth0 oidc token to TC creds Given an access_token with an appropriate audience, generate Taskcluster credentials for the authorized user. This is a partial implementation: at present, the profiles available from the auth0 management API are not updated to the new CIS profile, so this API cannot determine group membership, and thus issues powerless credentials. https://github.com/taskcluster/taskcluster-login/commit/dc11a7830c084f1e64a32300eee5b7376c32f020 Merge pull request #50 from djmitche/bug1385363 Bug 1385363: add /v1/oidc-credentials endpoint
Assignee | ||
Comment 4•7 years ago
|
||
Remaining to do on this: * generate credentials based on profile (waiting on profile deployment) * generate temporary credentials with the same expiration as the access_token * document the process
Assignee | ||
Updated•7 years ago
|
Assignee | ||
Updated•7 years ago
|
Assignee | ||
Comment 5•7 years ago
|
||
> * generate temporary credentials with the same expiration as the > access_token https://bugzilla.mozilla.org/show_bug.cgi?id=1388548 > * document the process https://github.com/taskcluster/taskcluster-login/pull/51
Flags: needinfo?(gdestuynder)
Assignee | ||
Comment 6•7 years ago
|
||
My test user "djmitche@gmail.com" now has a new-style profile. Once we get the rest of the production stuff set up (maybe Tuesday when Eli's back), I can experiment with that.
Assignee | ||
Comment 7•7 years ago
|
||
I'll do that in bug 1392307.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Updated•5 years ago
|
Component: Login → Services
You need to log in
before you can comment on or make changes to this bug.
Description
•