Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Slack well-known social OIDC provider #44114

Merged

Conversation

michalvavrik
Copy link
Member

@michalvavrik michalvavrik force-pushed the feature/add-oidc-slack-known-provider branch from 8b84c1a to 66f9f4e Compare October 26, 2024 08:14
Copy link

github-actions bot commented Oct 26, 2024

🙈 The PR is closed and the preview is expired.

This comment has been minimized.

This comment has been minimized.

@michalvavrik michalvavrik force-pushed the feature/add-oidc-slack-known-provider branch from 66f9f4e to f1a8fab Compare October 26, 2024 08:59

This comment has been minimized.

This comment has been minimized.

Copy link
Member

@sberyozkin sberyozkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @michalvavrik , thanks, LGTM, I'll be suggesting a few minor updates, the first one is to draw red lines over the client secret, and id as well, even though that was a test app,
I'm travelling, will add a few comments later, thanks very much

@sberyozkin
Copy link
Member

@michalvavrik Yes, in all other images we do highlight that this is a sensitive info...

I have a few more comments about the way the Slack app setup is suggested now.

Please follow the manual setup option, JSON there looks complex to me.
Also, I don't think presetting scopes at the start up time is what we should recommend. Typically users will approve scopes dynamically, and presetting them would also block overriding the scopes property at the quarkus level, for example, someone will wan5 to avoid sharing an email, but the registered app will allow it. Or if someone will want an extra scope requested at the quarkus level.

The other suggestion is cosmetic, please use Quarkus Slack as the app or workspace name, just to keep it consistent with the recent updates to Github.

If Slack insists on the https scheme then we should offer an ngrok based url, similar to how Steph did it for ex for Facebook. Also, I propose to have URI ending with /slack to make it consistent with other 2 recent PRs.

Copy link
Member

@sberyozkin sberyozkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Michal, left a few more comments, they are really rather cosmetic, minor ones, sorry this issue is taking more time than expected

@michalvavrik
Copy link
Member Author

michalvavrik commented Oct 26, 2024

I have deleted all my comments and I'll address every single request for change.

@michalvavrik michalvavrik force-pushed the feature/add-oidc-slack-known-provider branch 2 times, most recently from b8932b9 to 666b841 Compare October 26, 2024 15:56

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

Copy link
Member

@sberyozkin sberyozkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @michalvavrik, first of all, thanks for doing what I should've done ages ago, by adding the provider specific Wiremock support, starting from Slack, it really all looks quite perfect,
I'm only trying for us to get the simplest possible setup so that we can easily explain it to users, for them copy and paste individual test classes, etc

LGTM, thanks

@michalvavrik michalvavrik force-pushed the feature/add-oidc-slack-known-provider branch from 87b4ecd to 643e11b Compare October 30, 2024 21:58

This comment has been minimized.

This comment has been minimized.

Copy link
Member

@sberyozkin sberyozkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Michal, @michalvavrik, LGTM, thanks for the effort, it all looks great, I'll do a single push myself, to avoid distracting you as you are very busy, related to scopes (vs required claims), and will merge afterwards, thanks

@sberyozkin
Copy link
Member

Please don't merge yet, I'll do a minor update, to replace required-claims with scopes

@michalvavrik
Copy link
Member Author

Thanks @sberyozkin , yeah, I have other things ATM and I'll be happy when this gets in. Go ahead.

@sberyozkin sberyozkin force-pushed the feature/add-oidc-slack-known-provider branch from 643e11b to 3a39e63 Compare October 31, 2024 12:37
@sberyozkin sberyozkin force-pushed the feature/add-oidc-slack-known-provider branch from 3a39e63 to 5a05d9a Compare October 31, 2024 12:43
@sberyozkin
Copy link
Member

@michalvavrik I pushed a minor update: scope is set at the provider definition, and I dropped @Tenant("slack") to get the convention based resolver working. Interestingly, the custom discovery stub is missed at the startup, 404 is reported, so I thought of moving the tenant definition to the dynamic resolver, but then decided to keep it to test the recovery...

Then I followed up with a unit test update to show users can override the scope with a more restricted value if needed

Copy link

quarkus-bot bot commented Oct 31, 2024

Status for workflow Quarkus Documentation CI

This is the status report for running Quarkus Documentation CI on commit 5a05d9a.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

Warning

There are other workflow runs running, you probably need to wait for their status before merging.

Copy link

quarkus-bot bot commented Oct 31, 2024

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit 5a05d9a.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.

@sberyozkin sberyozkin merged commit 8bd6921 into quarkusio:main Oct 31, 2024
55 checks passed
@quarkus-bot quarkus-bot bot added the kind/enhancement New feature or request label Oct 31, 2024
@quarkus-bot quarkus-bot bot added this to the 3.17 - main milestone Oct 31, 2024
@michalvavrik michalvavrik deleted the feature/add-oidc-slack-known-provider branch October 31, 2024 16:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/documentation area/infra-automation anything related to CI, bots, etc. that are used to automated our infrastructure area/oidc area/testing kind/enhancement New feature or request triage/flaky-test
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add Slack to the list of supported OIDC providers
2 participants