#8040 OIDC client credentials for verification-fas-discord-reddit
Closed: Fixed 2 months ago by pingou. Opened a year ago by houndthe.

Hey everyone, I would like to ask if there is an option to get registered to use the https://id.fedoraproject.org/openidc/. The application details can be found here: https://github.com/Fedora-dotnet/verification-fas-discord-reddit


We will try and get to this soon. Thanks for your patience.

Metadata Update from @kevin:
- Issue priority set to: Waiting on Assignee (was: Needs Review)

12 months ago

Until we are ready to launch, you can use https://iddev.fedorainfracloud.org/ for development purposes.
This supports the OpenID Connect Dynamic Registration, so you are able to register yourself for a Client ID there.

We're way past development at this point. We're coming up with more silly features to delay launching.

Until we are ready to launch

What does that mean? o_o

Hi, any updates please? :(

What's going on here? Can we get this rolled out to production so apps can register with id.fp.o with OIDC? This would also be very helpful for Communishift applications.

@ngompa this is just for a specific application.

@rhea do you mean to say that the development of this tool has completed, and it's ready for deployment? I didn't get that from the original request. Can you confirm? Since if it's still in deployment (as what I get from the README mentioning it as a milestone), iddev is more appropriate and you can register there yourself.

@puiterwijk So OIDC Dynamic Client registration is not a thing in id.fp.o at all?

@ngompa no, that is explicitly disabled. If you want that, please open a new ticket and we can reconsider.

It is in production. As I said half a year ago, there isn't anything else to do here, other than having something from you guys...

Helloes, I wanted to catch up - is there a production deployment now? The stage stopped working spitting out invalid scope errors.

If you want that, please open a new ticket and we can reconsider.

This is a ticket about that. We're using stage (in prod) as a workaround, which stopped working.

Moving to needs review so we discuss it at our monday standup.

We may need to gather some information to process the request. I thought we had a template, but I can't seem to find it now.

Metadata Update from @kevin:
- Issue priority set to: Needs Review (was: Waiting on Assignee)

2 months ago

Here is the information:

Which redirect URI(s) will the application use?

https://verify.valkyrja.app/signin-fedora

What is the application main URL?

https://verify.valkyrja.app/

Who will be the main contact for the application, or will this be core infrastructure?

Me or Rhea

What privacy policy will be applicable to the application, or will this be the standard

We are not storing any user data

Scopes

groups and CLA

Which authorization flow does the application use? [1]

code

Which token authentication method does the application use? [1]

RedirectGet

Metadata Update from @mohanboddu:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: groomed, low-trouble, medium-gain

2 months ago

Ok, so the secrets have been generated and the ipsilon playbook ran successfully. I am however no able to see in openshift if the roll out ran fine or not.

So for all I can see, this is fixed.

I've just checked server side and the new config seems in place.

I'm going to close this ticket as fixed and please re-open or open a new one.

Sorry it took so long!

Metadata Update from @pingou:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 months ago

Hi @pingou, I think that I'm (we are) missing something. We don't have any access (or secrets) to id.fp.o for openidc, and the iddev.fedorainfracloud.org/openidc apprears to be missing the scopes still. (The certificate issue has been resolved though.)

Login to comment on this ticket.

Metadata