Use developers.redhat.com Identity Provider directly from Auth service

[alexeykazakov]

Currently we have there layers of services for login: auth.openshift.io -> sso.openshift.io (OSIO Keycloak) -> developers.redhat.com (RHD Keycloak). As soon as we switch Che to use Auth service and have authorization service in place on the auth.openshift.io side we can get rid of the OSIO Keycloak layer a start using RHD Keycloak directly.

Phase 1 : Stop talking to keycloak except during login.

• [x] Start generating tokens in Auth instead of KC
• [x] Support offline tokens in Auth https://github.com/fabric8-services/fabric8-auth/issues/577
• [x] Refresh tokens in Auth https://github.com/fabric8-services/fabric8-auth/issues/578
• [x] Switch all existing Authorization implementation to Auth service

Phase 2: Talk to RHD directly during login

• [x] Switch Che to Auth
• [ ] Configure RHD creds

Dependency

• [x] Disconnect keycloak and make OAuth login generic https://github.com/fabric8-services/fabric8-auth/issues/583 - [ ] Support local login https://github.com/fabric8-services/fabric8-auth/issues/584
• [x] Native logout #646

Also tracked in openshiftio GitHub - https://github.com/openshiftio/openshift.io/issues/2367

[sbose78]

Switch Che to Auth

DONE. Login using Auth's OAuth2.0 workflow.

Start generating tokens in Auth instead of KC

We already do so. Need to stop talking to KC, and talk to RHD only.

Switch all existing Authorization implementation to Auth service

Done :fireworks:

Support offline tokens in Auth.

https://github.com/fabric8-services/fabric8-auth/issues/577

[sbose78]

updated the comment above with the list of tasks.