vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add support for an external JWT-based authentication system

Browse source 
This authentication system hits two HTTP endpoints to check and verify the existence of users:

Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise

Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message

The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
This commit is contained in:
Joseph Schorr 2015-06-02 18:19:22 -04:00
parent 42da017d69
commit 8aac3fd86e
10 changed files with 417 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

1
initdb.py
View file

@ -201,6 +201,7 @@ def initialize_database():
LoginService.create(name='github')
LoginService.create(name='quayrobot')
LoginService.create(name='ldap')
LoginService.create(name='jwtauthn')
BuildTriggerService.create(name='github')
BuildTriggerService.create(name='custom-git')