feat: add SSO #181
Merged
feat: add SSO #181
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
11 tasks
oleobal
force-pushed
the
feat/sso-oidc
branch
5 times, most recently
from
8e8f06a to
3df2c17
Compare
oleobal
force-pushed
the
feat/sso-oidc
branch
2 times, most recently
from
b373286 to
9f57d0b
Compare
Milouu
requested changes
Mar 27, 2023
Milouu
approved these changes
Mar 28, 2023
jmorel
previously requested changes
Mar 28, 2023
Signed-off-by: Olivier Léobal <[email protected]>
Signed-off-by: Olivier Léobal <[email protected]>
Signed-off-by: Olivier Léobal <[email protected]>
Signed-off-by: Olivier Léobal <[email protected]>
To be more consistent with nomenclature Signed-off-by: Olivier Léobal <[email protected]>
Signed-off-by: Olivier Léobal <[email protected]>
Signed-off-by: Olivier Léobal <[email protected]>
With design guidance from David Signed-off-by: Olivier Léobal <[email protected]>
Signed-off-by: Olivier Léobal <[email protected]>
Signed-off-by: Olivier Léobal <[email protected]>
Signed-off-by: Olivier Léobal <[email protected]>
Signed-off-by: Olivier Léobal <[email protected]>
Signed-off-by: Olivier Léobal <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Add mechanism to handle a new authentication flow: single sign-on (SSO) through OpenID Connect (OIDC).
Changes:
on the login page, we query the
/infoendpoint to see whether SSO is available, and if so present a button. All the button does is redirect to the backend at/oidc/authenticate?next={some frontend page}. The backend does everything elseadd the current username in the header menu, because with SSO the username is not obvious
add an "API tokens" modal (in the header menu) so SSO users can use the library (they don't have a password).
In the future we will deprecate logging in on the command line, and that modal will be a nice interface for creating and managing API tokens. Probably.
Issues: (to be fixed in a future PR, presumably)
How to test
Only the actual login requires special set-up.
Set up an SSO-capable backend: Substra/substra-backend#609
Then just edit
vite.config.tsto point tohttp://substra-backend.org-1.com(without the port number, because we're hosting on the cluster rather than in isolated mode). That should be it.It's also possible to test the frontend in isolated mode but that requires more set-up on the backend so I'll let you figure it out.
To do
investigate login/logout redirects (using the logout button and then logging in again works weird)can't reproduce