#45 Add paragraph about OIDC auth from VM/remote host.
Opened 8 months ago by astepano. Modified 8 months ago
fedora-docs/ astepano/modularity oidc  into  master

@@ -28,6 +28,40 @@ 

  

  https://release-engineering.github.io/mbs-ui/modules

  

+ == Submitting module build from VM or remote host

+ 

+ +fedpkg module-build+ requires authorization to MBS.

+ Fedora infra uses +OpenID Connect (OIDC)+ authorization for web applications.

+ +fedpkg+ authorizes to MBS with next steps:

+ 

+ .+fedpkg+ prints to terminal URL, something like:

+ 

+ ---

+ Please visit https://id.fedoraproject.org/openidc/Authorization?scope=openid+https%3A%2F%2Fid.fedoraproject.org%2Fscope%2Fgroups+https%3A%2F%2Fmbs.fedoraproject.org%2Foidc%2Fsubmit-build&response_type=code&client_id=mbs-authorizer&redirect_uri=http%3A%2F%2Flocalhost%3A12345%2F&response_mode=query to grant authorization

+ ---

+ 

+ .You must open it in your Firefox/Chrome/etc..

+ .After auth step your browser will complain with:

+ 

+ ---

+ This site can’t be reached localhost refused to connect.

+ Search Google for localhost 12345

+ ERR_CONNECTION_REFUSED

+ ---

+ 

+ .Your browser at this point in address-line will have URL:

+ 

+ ---

+ http://localhost:12345/?code=7c35ded4-054b-4df0-9151-7ef12c7fb838_xe3JWkvf_sL1UyLOzftHJZ3uIlfOo00N

+ ---

+ 

+ .At this point +fedpkg+ waits on port 12345 of your VM for incoming connection from OpenID IdP (identity provider).

+ .While +fedpkg+ waits for incoming OIDC answer from IdP, imitate it with curl in parallel terminal:

+ 

+ ---

+ $ curl 'http://localhost:12345/?code=7c35ded4-054b-4df0-9151-7ef12c7fb838_xe3JWkvf_sL1UyLOzftHJZ3uIlfOo00N'

+ ---

+ 

  == Rebuild strategies

  

  In case you want to control which packages get rebuilt and which get reused, you can enforce a specific rebuild strategy while submitting a build.

rebased onto 30dd975

8 months ago

As noted in issue #18, a spec is inbound that will allow us to change this soon, so hopefully in the next month this might improve.

Metadata