Phillezi / kthcloud-cli

A CLI tool for kthcloud, designed for managing grouped deployments similar to Docker Compose.
MIT License

Storage server authentication #29

Open Phillezi opened 2 months ago

Phillezi commented 2 months ago

The storage server requires OAuth2 cookies for authentication.

auth, _oauth2_proxy_0 and _oauth2_proxy_1

To get these, you have to have the Keycloak cookies present on the Keycloak URL; these will be checked once the oauth2 proxy on the storage server redirects you. This is done in the following way:

Navigating to the storage URL without the cookies gives you a 302 with Location at the Keycloak URL and a Set-Cookie header with a CSRF token called _oauth2_proxy_csrf. The browser navigates to the Keycloak URL and checks the cookies there, then redirects you to the storage URL again, but with the Set-Cookie headers for the tokens.

The problem is that the CLI doesn't have access to the cookies from the browser, and there is no way to get them without doing sketchy / janky things.
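The redirect chain described in the comment above, replayed in-process as an added Go example (not part of the issue thread and not the project's code). The hostnames, the `kc_session` cookie name, the `?code=demo` callback and the mock responses are constructed assumptions. The mock lets the storage proxy set all three cookies. It shows that an HTTP client whose cookie jar already holds the Keycloak cookies ends up with the storage cookies, while one without them stops at the CSRF cookie.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
	"net/url"
)

// Constructed stand-in hosts; "kc_session" is a hypothetical Keycloak cookie name.
var storage, _ = url.Parse("https://storage.example.test/")
var keycloak, _ = url.Parse("https://keycloak.example.test/auth")

// mock answers for both hosts in-process (no network), reproducing only the hops in the issue.
type mock struct{}

func (mock) RoundTrip(r *http.Request) (*http.Response, error) {
	w := httptest.NewRecorder()
	_, noSession := r.Cookie("kc_session")
	switch {
	case r.URL.Host == keycloak.Host && noSession != nil:
		w.WriteHeader(http.StatusUnauthorized) // stands in for the login page
	case r.URL.Host == keycloak.Host: // session cookie present: redirect back to storage
		http.Redirect(w, r, storage.String()+"?code=demo", http.StatusFound)
	case r.URL.Query().Get("code") == "": // first visit to storage: CSRF cookie + 302
		w.Header().Set("Set-Cookie", "_oauth2_proxy_csrf=demo")
		http.Redirect(w, r, keycloak.String(), http.StatusFound)
	default: // back from Keycloak: the proxy sets its three cookies
		w.Header()["Set-Cookie"] = []string{"auth=demo", "_oauth2_proxy_0=demo", "_oauth2_proxy_1=demo"}
	}
	return w.Result(), nil
}

// StorageCookies follows the redirect chain with the given Keycloak cookies in the
// jar and returns the names of the cookies the jar then holds for the storage host.
func StorageCookies(keycloakCookies ...*http.Cookie) map[string]bool {
	jar, _ := cookiejar.New(nil)
	jar.SetCookies(keycloak, keycloakCookies)
	if resp, err := (&http.Client{Jar: jar, Transport: mock{}}).Get(storage.String()); err == nil {
		resp.Body.Close()
	}
	got := map[string]bool{}
	for _, c := range jar.Cookies(storage) {
		got[c.Name] = true
	}
	return got
}

func main() {
	fmt.Println(StorageCookies(), StorageCookies(&http.Cookie{Name: "kc_session", Value: "demo"}))
}
```
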

Phillezi commented 2 months ago

Did the getting-cookies-from-browser idea; the plan is to implement it with a flag, until it is possible to solve it more neatly.