Merge pull request #2695 from coreos-inc/oidc-internal-auth

OIDC internal auth support

endpoints/api/user.py

@@ -529,6 +529,9 @@ class ClientKey(ApiResource):
   @validate_json_request('GenerateClientKey')
   def post(self):
     """  Return's the user's private client key. """
+    if not authentication.supports_encrypted_credentials:
+      raise NotFound()
+
     username = get_authenticated_user().username
     password = request.get_json()['password']
     (result, error_message) = authentication.confirm_existing_user(username, password)
@@ -744,7 +747,7 @@ class ExternalLoginInformation(ApiResource):
         'kind': {
           'type': 'string',
           'description': 'The kind of URL',
-          'enum': ['login', 'attach'],
+          'enum': ['login', 'attach', 'cli'],
         },
       },
     },
@@ -762,7 +765,7 @@ class ExternalLoginInformation(ApiResource):
 
     csrf_token = generate_csrf_token(OAUTH_CSRF_TOKEN_NAME)
     kind = request.get_json()['kind']
-    redirect_suffix = '/attach' if kind == 'attach' else ''
+    redirect_suffix = '' if kind == 'login' else '/' + kind
 
     try:
       login_scopes = login_service.get_login_scopes()