vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
3567 commits 2 branches 62 tags 205 MiB
Commit graph

5 commits

Author SHA1 Message Date
Jake Moshenko
bc29561f8f Fix and templatize the logic for external JWT AuthN and registry v2 Auth. 
Make it explicit that the registry-v2 stuff is not ready for prime time.
 2015-07-17 11:56:15 -04:00
Joseph Schorr
07439328a4 Remove user_exists endpoint from all auth systems 2015-06-23 17:33:51 -04:00
Joseph Schorr
331c300893 Refactor JWT auth to not import app locally 2015-06-17 15:53:21 -04:00
Joseph Schorr
f980b892d8 Remove debug flag from JWT tests 
This can break unit tests running
 2015-06-05 15:39:27 -04:00
Joseph Schorr
8aac3fd86e Add support for an external JWT-based authentication system 
This authentication system hits two HTTP endpoints to check and verify the existence of users:

Existance endpoint:
GET http://endpoint/ with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise

Verification endpoint:
GET http://endpoint/ with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message

The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory.
 2015-06-05 13:20:10 -04:00