[AUTH-443] [4.13.z] Add OAuth2 Authorization Code Grant Flow for login

Type: Task
Resolution: Done
Priority: Critical
Fix Version/s: openshift-4.13.z
Affects Version/s: openshift-4.13.z
Labels:
None

Work Type:
Strategic Product Work
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
Secure token usage with oc client while doing oc login
Intelligence Requested:
Market:

Target Version:

openshift-4.13.z

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

This is a backport of 4.14 and 4.15 feature. It requires several PR's to merge, this issue is going to be an umbrella for all the PR's and for documentation to track.

In order to secure token usage during oc login, we need to add the capability to oc to login using the OAuth2 Authorization Code Grant Flow through a browser. This will be possible by providing a command line option to oc:

oc login --web

links to

openshift/cluster-authentication-operator#641: [release-4.13] AUTH-443: Add openshift-cli-client OAuth Client

openshift/library-go#1616: [release-4.13] AUTH-443: add support for oauth authorization code flow

openshift/oauth-server#139: [release-4.13] AUTH-443: update osin to latest version

openshift/oc#1599: [release-4.13] AUTH-443: Add OAuth2 Authorization Code Grant Flow for login

openshift/origin#28396: [release-4.13] AUTH-443: Add oauth-server redirect URI validation e2e tests

Xingxing Xia added a comment - 2023/11/24 1:51 AM

rh-ee-irinis seems it forgets to be moved to Closed. Since PRs all merged and QE tested all (with one bug ~~OCPBUGS-23555~~ filed on HyperShift guest cluster, but it is not 4.13 specific, it occurs on 4.14/4.15 too of which we was not aware when testing 4.14), I BTW close this from Review status. If unintended, please let me know, thanks.

Xingxing Xia added a comment - 2023/11/24 1:51 AM rh-ee-irinis seems it forgets to be moved to Closed. Since PRs all merged and QE tested all (with one bug OCPBUGS-23555 filed on HyperShift guest cluster, but it is not 4.13 specific, it occurs on 4.14/4.15 too of which we was not aware when testing 4.14), I BTW close this from Review status. If unintended, please let me know, thanks.

Assignee:: Michal Fojtik (Inactive)

Reporter:: Michal Fojtik (Inactive)

Contributors:: Ilias Rinis

QA Contact:: Deepak Punia (Inactive)

Doc Contact:: Courtney Bippley

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2023/11/14 9:50 AM

Updated:: 2024/11/24 12:39 AM

Resolved:: 2023/11/24 1:51 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

Collapse comment: Xingxing Xia added a comment - 2023/11/24 1:51 AM

Expand comment: Xingxing Xia added a comment - 2023/11/24 1:51 AM

People

Dates