URL: https://github.com/SSSD/sssd/pull/5762 Author: pbrezina Title: #5762: krb5: add support for oauth2 challenge (wip) Action: opened
PR body: """ This depends on changes in multiple components that are not yet merged, therefore testing is a little bit difficult. There will be some final touch in `otp_parse_oauth2_challenge` when we decide on the challenge format but the patches are ready to be reviewed.
## How to test
1. Install IPA server
2. On IPA server: install patched ipa, patched krb5, pyrad and mock-radius:
```console
$ dnf copr enable pbrezina/otp
$ dnf copr enable abbra/oauth2-support
$ dnf upgrade krb5-devel freeipa-server
$ kinit admin
$ echo Secret123 | ipa radiusproxy-add localhost --server=127.0.0.1 --secret
$ ipa user-add tuser --user-auth-type=radius --radius=localhost --first Test --last User
$ git clone https://github.com/pbrezina/mock-radius.git
$ cd mock-radius
$ sudo pip3 install pyrad
$ sudo ./server.py
```
3. On client:
```
$ su tuser
Authenticate with PIN 381924 at https://visit.me/oauth2 and press ENTER.
$ klist
Ticket cache: KEYRING:persistent:830600005:krb_ccache_1mToqfe
Default principal: tuser@IPA.VM

Valid starting       Expires              Service principal
08/26/2021 14:15:11  08/27/2021 14:15:10  krbtgt/IPA.VM@IPA.VM
        renew until 09/02/2021 14:15:10
```
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5762/head:pr5762
git checkout pr5762
URL: https://github.com/SSSD/sssd/pull/5762 Author: pbrezina Title: #5762: krb5: add support for oauth2 challenge (wip) Action: synchronized
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for oauth2 challenge (wip)
Label: +Waiting for review
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for oauth2 challenge (wip)
justin-stephenson commented: """ I tried but could not enable your COPR. ab's enables just fine
~~~
[root@master.ipa.vm ~]# dnf copr enable pbrezina/otp
/usr/lib/python3.10/site-packages/dnf-plugins/copr.py:431: DeprecationWarning: distro.linux_distribution() is deprecated. It should only be used as a compatibility shim with Python's platform.linux_distribution(). Please use distro.id(), distro.version() and distro.name() instead.
  dist = linux_distribution()
Enabling a Copr repository. Please note that this repository is not part of the main distribution, and quality may vary.

The Fedora Project does not exercise any power over the contents of this repository beyond the rules outlined in the Copr FAQ at https://docs.pagure.org/copr.copr/user_documentation.html#what-i-can-build-in-copr, and packages are not held to any quality or security level.

Please do not file bug reports about these packages in Fedora Bugzilla. In case of problems, contact the owner of this repository.

Do you really want to enable copr.fedorainfracloud.org/pbrezina/otp? [y/N]: y
Error: This repository does not have any builds yet so you cannot enable it now.
~~~
"""
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-906641662
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for oauth2 challenge (wip)
justin-stephenson commented: """ Steps provided work well, I will look closer at the code and respond back.
~~~
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: LDAP: ldapi://%2Frun%2Fslapd-IPA-VM.socket
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: request received
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: user query start
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: user query end: uid=tuser,cn=users,cn=accounts,dc=ipa,dc=vm
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: radius query start: cn=localhost,cn=radiusproxy,dc=ipa,dc=vm
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: radius query end: 127.0.0.1
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: forward start: tuser / 127.0.0.1
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: forward end: Access-Challenge
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: response sent: Access-Challenge
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: request received
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: user query start
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: user query end: uid=tuser,cn=users,cn=accounts,dc=ipa,dc=vm
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: radius query start: cn=localhost,cn=radiusproxy,dc=ipa,dc=vm
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: radius query end: 127.0.0.1
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: forward start: tuser / 127.0.0.1
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: forward end: Access-Challenge
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: response sent: Access-Challenge
Aug 26 21:04:07 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: request received
Aug 26 21:04:07 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: user query start
Aug 26 21:04:07 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: user query end: uid=tuser,cn=users,cn=accounts,dc=ipa,dc=vm
Aug 26 21:04:07 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: radius query start: cn=localhost,cn=radiusproxy,dc=ipa,dc=vm
Aug 26 21:04:07 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: radius query end: 127.0.0.1
Aug 26 21:04:07 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: forward start: tuser / 127.0.0.1
Aug 26 21:04:07 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: forward end: Access-Accept
Aug 26 21:04:07 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: response sent: Access-Accept
~~~
"""
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-906743456
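The ipa-otpd log in the comment above shows two Access-Challenge rounds followed by an Access-Accept. As an added example (not part of the PR, SSSD or FreeIPA), the following parses lines in that format into per-request records and flags accepts that were not preceded by a challenge, and requests with no logged response. The rule that a challenge should precede an accept is an assumption taken from the flow in that log; the `other` user and the finding labels are constructed.

```python
import re

# Constructed sample in the format of the ipa-otpd lines quoted above
# (shortened): one challenged login for tuser, plus a hypothetical user
# "other" accepted without a challenge and one request with no response.
SAMPLE_LOG = """\
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: LDAP: ldapi://%2Frun%2Fslapd-IPA-VM.socket
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: request received
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: radius query end: 127.0.0.1
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: forward end: Access-Challenge
Aug 26 21:03:52 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: response sent: Access-Challenge
Aug 26 21:04:07 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: request received
Aug 26 21:04:07 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: radius query end: 127.0.0.1
Aug 26 21:04:07 master.ipa.vm ipa-otpd[69808]: tuser@IPA.VM: response sent: Access-Accept
Aug 26 21:05:00 master.ipa.vm ipa-otpd[69808]: other@IPA.VM: request received
Aug 26 21:05:00 master.ipa.vm ipa-otpd[69808]: other@IPA.VM: response sent: Access-Accept
Aug 26 21:06:00 master.ipa.vm ipa-otpd[69808]: other@IPA.VM: request received
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sipa-otpd\[(?P<pid>\d+)\]:\s"
    r"(?P<principal>[^\s:]+@[^\s:]+):\s(?P<event>.+)$"
)


def parse_requests(text):
    """Return one record per 'request received' line, in log order."""
    requests, open_req = [], {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # daemon lines without a principal, e.g. the LDAP URI
        key = (m["pid"], m["principal"])
        event, _, detail = m["event"].partition(": ")
        if event == "request received":
            rec = {"principal": m["principal"], "ts": m["ts"],
                   "radius": None, "result": None}
            open_req[key] = rec
            requests.append(rec)
        elif key in open_req:
            if event == "radius query end":
                open_req[key]["radius"] = detail
            elif event == "response sent":
                open_req[key]["result"] = detail
                del open_req[key]  # request is complete
    return requests


def review(requests):
    """Flag accepts with no preceding challenge and requests with no response.

    Assumption (from the log above): for a challenge-based user, an
    Access-Accept follows at least one Access-Challenge.
    """
    challenged, findings = set(), []
    for r in requests:
        if r["result"] == "Access-Challenge":
            challenged.add(r["principal"])
        elif r["result"] == "Access-Accept":
            if r["principal"] not in challenged:
                findings.append((r["ts"], r["principal"], "accept-without-challenge"))
            challenged.discard(r["principal"])  # a challenge covers one accept
        elif r["result"] is None:
            findings.append((r["ts"], r["principal"], "no-response-logged"))
    return findings


if __name__ == "__main__":
    for finding in review(parse_requests(SAMPLE_LOG)):
        print(*finding)
```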
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for oauth2 challenge (wip)
justin-stephenson commented: """ If the radius server is not running, then the prompt falls back to password authentication, is it expected?
~~~
[vagrant@master.client.vm ~]$ su - tuser
Password:
~~~
"""
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-908476215
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for oauth2 challenge (wip)
justin-stephenson commented: """ Small commit typo s/autok/authtok/ in `autok: add SSS_AUTHTOK_TYPE_OAUTH2 ` """
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-908480858
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for oauth2 challenge (wip)
justin-stephenson commented: """ Small commit message typo s/autok/authtok/ in `autok: add SSS_AUTHTOK_TYPE_OAUTH2 ` """
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-908480858
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for oauth2 challenge (wip)
pbrezina commented: """
> If the radius server is not running, then the prompt falls back to password authentication, is it expected?
>
> [vagrant@master.client.vm ~]$ su - tuser
> Password:

Yes, it is expected. If the RADIUS server is not running, Kerberos won't get Access-Challenge reply therefore it falls back to password auth. """
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-909073108
URL: https://github.com/SSSD/sssd/pull/5762 Author: pbrezina Title: #5762: krb5: add support for oauth2 challenge (wip) Action: synchronized
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for oauth2 challenge (wip)
pbrezina commented: """
> Small commit message typo s/autok/authtok/ in `autok: add SSS_AUTHTOK_TYPE_OAUTH2 `

Fixed. """
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-909075124
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for oauth2 challenge (wip)
justin-stephenson commented: """ Okay thanks, Ack from my side but perhaps @sumit-bose would like to give his sign-off as well. """
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-909431990
URL: https://github.com/SSSD/sssd/pull/5762 Author: pbrezina Title: #5762: krb5: add support for oauth2 challenge (wip) Action: synchronized
URL: https://github.com/SSSD/sssd/pull/5762 Author: pbrezina Title: #5762: krb5: add support for oauth2 challenge (wip) Action: edited
Changed field: body Original value: """ This depends on changes in multiple components that are not yet merged, therefore testing is a little bit difficult. There will be some final touch in `otp_parse_oauth2_challenge` when we decide on the challenge format but the patches are ready to be reviewed.
## How to test
1. Install IPA server
2. On IPA server: install patched ipa, patched krb5, pyrad and mock-radius; create radius proxy config and a test user (tuser name is required):
```console
$ dnf copr enable pbrezina/otp
$ dnf copr enable abbra/oauth2-support
$ dnf upgrade krb5-devel freeipa-server
$ kinit admin
$ echo Secret123 | ipa radiusproxy-add localhost --server=127.0.0.1 --secret
$ ipa user-add tuser --user-auth-type=radius --radius=localhost --first Test --last User
$ git clone https://github.com/pbrezina/mock-radius.git
$ cd mock-radius
$ sudo pip3 install pyrad
$ sudo ./server.py
```
3. On client:
```
$ su tuser
Authenticate with PIN 381924 at https://visit.me/oauth2 and press ENTER.
$ klist
Ticket cache: KEYRING:persistent:830600005:krb_ccache_1mToqfe
Default principal: tuser@IPA.VM

Valid starting       Expires              Service principal
08/26/2021 14:15:11  08/27/2021 14:15:10  krbtgt/IPA.VM@IPA.VM
        renew until 09/02/2021 14:15:10
```
No real authentication is necessary, because `mock-radius` accepts everything. The URL is obviously fake, so just hit enter. """
URL: https://github.com/SSSD/sssd/pull/5762 Author: pbrezina Title: #5762: krb5: add support for oauth2 challenge (wip) Action: edited
Changed field: body Original value: """ This depends on changes in multiple components that are not yet merged, therefore testing is a little bit difficult. There will be some final touch in `otp_parse_oauth2_challenge` when we decide on the challenge format but the patches are ready to be reviewed.
## How to test
1. Install IPA server
2. On IPA server: install patched ipa:
```console
$ sudo dnf copr enable pbrezina/otp
$ sudo dnf upgrade freeipa*
$ kinit admin
$ ipa user-add tuser --user-auth-type=idp --first Test --last User
$ sudo cp /usr/share/sssd/krb5-snippets/sssd_enable_oauth2 /etc/krb5.conf.d
$ sudo systemctl restart krb5kdc
```
Now authenticate as the `tuser`
```
# via kinit
kinit -n @IPA.VM -c armor
kinit -T armor tuser@IPA.VM
Authenticate with PIN 123456 at https://visit.me and press ENTER.:

# via sssd
su tuser@ipa.vm
Authenticate with PIN 123456 at https://visit.me and press ENTER.
```
The patched IPA does not make contact to any IdP, it just provides mocked values and grants access. """
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for oauth2 challenge (wip)
pbrezina commented: """ Patch set updated. I implemented the required Kerberos modules inside SSSD code base instead of krb5. """
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-924102030
URL: https://github.com/SSSD/sssd/pull/5762 Author: pbrezina Title: #5762: krb5: add support for oauth2 challenge (wip) Action: synchronized
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for oauth2 challenge (wip)
pbrezina commented: """ Updated patches. Renamed the plugin to more generic "idp" and added support for messages that we agreed on. """
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-934491542
URL: https://github.com/SSSD/sssd/pull/5762 Author: pbrezina Title: #5762: krb5: add support for idp:oauth2 challenge Action: edited
Changed field: title Original value: """ krb5: add support for oauth2 challenge (wip) """
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for idp:oauth2 challenge
pbrezina commented: """ Updated patches. Renamed the plugin to more generic "idp" and added support for messages that we agreed on. Also added unit tests. """
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-934491542
URL: https://github.com/SSSD/sssd/pull/5762 Author: pbrezina Title: #5762: krb5: add support for idp:oauth2 challenge Action: synchronized
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for idp:oauth2 challenge
pbrezina commented: """ I have no idea why the idp tests returns 99. It returns 0 locally. """
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-937670547
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for idp:oauth2 challenge
justin-stephenson commented: """
> I have no idea why the idp tests returns 99. It returns 0 locally.

I do see the same error when running make check valgrind locally, I'll send you the log. """
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-937927491
URL: https://github.com/SSSD/sssd/pull/5762 Author: pbrezina Title: #5762: krb5: add support for idp:oauth2 challenge Action: synchronized
URL: https://github.com/SSSD/sssd/pull/5762 Author: pbrezina Title: #5762: krb5: add support for idp:oauth2 challenge Action: edited
Changed field: body Original value: """ ## How to test
1. Install IPA server
2. On IPA server: install patched ipa:
```console
$ sudo dnf copr enable pbrezina/idp
$ sudo dnf upgrade freeipa*
$ kinit admin
$ ipa user-add tuser --user-auth-type=idp --first Test --last User
$ sudo cp /usr/share/sssd/krb5-snippets/sssd_enable_oauth2 /etc/krb5.conf.d
$ sudo systemctl restart krb5kdc
```
Now authenticate as the `tuser`
```
# via kinit
kinit -n @IPA.VM -c armor
kinit -T armor tuser@IPA.VM
Authenticate with PIN 123456 at https://visit.me and press ENTER.:

# via sssd
su tuser@ipa.vm
Authenticate with PIN 123456 at https://visit.me and press ENTER.
```
The patched IPA does not make contact to any IdP, it just provides mocked values and grants access. """
URL: https://github.com/SSSD/sssd/pull/5762 Author: pbrezina Title: #5762: krb5: add support for idp:oauth2 challenge Action: synchronized
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for idp:oauth2 challenge
pbrezina commented: """ Updated the patch. It now supports latest padata format and verification_uri_complete attribute. Registration of padata type number is in progress. """
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-966306819
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for idp:oauth2 challenge
sumit-bose commented: """ Hi,
thanks for the update, I updated my [oidc_child](https://github.com/sumit-bose/sssd/tree/oidc_child) tree accordingly and all is still working fine.
What about directly generating the padata, shall I just call `sss_idp_oauth2_encode_padata()` directly and link `idp_utils.c` to `oidc_child` or shall I copy the relevant code so that you can drop it from `idp_utils.c`?
bye, Sumit """
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-968991818
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for idp:oauth2 challenge
pbrezina commented: """ Feel free to use it. """
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-970129750
URL: https://github.com/SSSD/sssd/pull/5762 Author: pbrezina Title: #5762: krb5: add support for idp:oauth2 challenge Action: synchronized
URL: https://github.com/SSSD/sssd/pull/5762 Title: #5762: krb5: add support for idp:oauth2 challenge
pbrezina commented: """ We got ourselves a number: [PA-REDHAT-IDP-OAUTH2: 152](https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xht...) """
See the full comment at https://github.com/SSSD/sssd/pull/5762#issuecomment-984622868
sssd-devel@lists.fedorahosted.org