Openshift oauth discover authorization_endpoint #26
Conversation
| final HttpClientBuilder builder = HttpClientWithTLSOptionsFactory.getBuilder(uri, caCertData, skipTLSVerify); | ||
| HttpGet discover = new HttpGet(apiServerURL + "/.well-known/oauth-authorization-server"); | ||
| final CloseableHttpResponse response = builder.build().execute(discover); | ||
| return new JSONObject(EntityUtils.toString(response.getEntity())).getString("authorization_endpoint"); |
There was a problem hiding this comment.
Replace org.json with net.sf.json which is provided by the Jenkins ecosystem
| return new JSONObject(EntityUtils.toString(response.getEntity())).getString("authorization_endpoint"); | |
| return JSONObject.fromObject(EntityUtils.toString(response.getEntity())).getString("authorization_endpoint"); |
There was a problem hiding this comment.
added a new commit , removed org.json.JSONObject from pom.xml and replace JSSONObject with the suggested code
|
@maxlaverse this looks important |
| @@ -35,7 +36,8 @@ | |||
|
|
|||
| @Before | |||
| public void prepareFakeOAuthServer() throws Exception { | |||
| server = new Server(0); | |||
| InetSocketAddress addr = new InetSocketAddress("localhost", 0); | |||
There was a problem hiding this comment.
Just to understand, what does this change ?
There was a problem hiding this comment.
It change nothing in normal situation, I make the change because I was connected via VPN and maybe also due to proxy settings I was experiencing issues reaching the assigned IP (192.* ) . If needed , I can revert this change.
| private String getOauthServerUrl(String apiServerURL, String caCertData, boolean skipTLSVerify) throws URISyntaxException, IOException, HttpClientWithTLSOptionsFactory.TLSConfigurationError { | ||
| URI uri = new URI(apiServerURL); | ||
| final HttpClientBuilder builder = HttpClientWithTLSOptionsFactory.getBuilder(uri, caCertData, skipTLSVerify); | ||
| HttpGet discover = new HttpGet(apiServerURL + "/.well-known/oauth-authorization-server"); |
There was a problem hiding this comment.
Do all API servers answer to such request in OpenShift ? Or do we need to fallback to the apiServerURL + /oauth/authorize when it's not the case ?
There was a problem hiding this comment.
Yes, I tested this api in OCP3 and OCP4 , it should be a standard for oauth authentication as reported here
|
Alright. Thanks for the additional information |
|
Released as 0.8.0 |
I previously faced issues in OCP4 where oauth server url differs from kubernetes API url.
This PR add the possibility to discover oauth authorization_endpoint and solve previous issue.