puppetlabs / vault-plugin-secrets-oauthapp

OAuth 2.0 secrets plugin for HashiCorp Vault supporting a variety of grant types
Apache License 2.0

Callback URL for OAuth2 provider redirect #7

Closed binlab closed 3 years ago

binlab commented 4 years ago

Use Case

It would be nice to add an endpoint URL on the Vault side to automatically forward the user to Vault and skip a step: vault write oauth2/bitbucket/creds/my-user-auth

Describe the Solution You Would Like

A callback URL, e.g. http://127.0.0.1:8200/oauth2/bitbucket/callback, similar to how it is implemented here: https://www.vaultproject.io/api-docs/auth/jwt/#oidc-callback

Describe Alternatives You've Considered


Additional Context


impl commented 4 years ago

This seems related to https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/pull/6#pullrequestreview-381577330. Is the goal here to implement a single point for both external use and authentication to Vault?

binlab commented 4 years ago

Thanks for the reply @impl! Rather, it can simplify the setup and doesn't need manual work to transfer the code; you just press a button to approve.

DrDaveD commented 4 years ago

@binlab Note that the vault-plugin-auth-jwt api you listed isn't actually for the token issuer to call back directly to vault; the token issuer has to call back to an extra little web server started by the vault cli, and then the vault cli calls back to the vault server.

Maybe what you're wanting is in this vault-plugin-auth-jwt pull request, combined with the #6 feature here.
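To make the flow DrDaveD describes concrete, here is an added example (not code from this plugin, from Vault, or from vault-plugin-auth-jwt) of the "extra little web server" side in Go: the CLI mints a random state, a loopback listener receives the provider's redirect, rejects any callback whose state does not match, extracts the authorization code, and then hands it to the manual step from the issue description. The listener address, the state length, and the `code=` key passed to `vault write` are assumptions for illustration; the creds path is the one used in the issue. Nothing here contacts the provider or a Vault server.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"net/url"
)

// CallbackResult is what the loopback listener hands back to the CLI once the
// provider redirects the browser to it.
type CallbackResult struct {
	Code string
	Err  error
}

// NewState returns a random, URL-safe state value (16 bytes, assumed length).
// The CLI generates it before opening the browser; the listener refuses any
// callback that does not echo it back, so a forged or replayed redirect cannot
// inject a code into the session.
func NewState() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// HandleCallback validates one provider redirect. It never talks to the
// provider; it only checks the state parameter and extracts the code.
func HandleCallback(expectedState string, query url.Values) CallbackResult {
	if e := query.Get("error"); e != "" {
		return CallbackResult{Err: fmt.Errorf("provider returned error %q: %s", e, query.Get("error_description"))}
	}
	got := query.Get("state")
	if subtle.ConstantTimeCompare([]byte(got), []byte(expectedState)) != 1 {
		return CallbackResult{Err: errors.New("state mismatch: ignoring callback")}
	}
	code := query.Get("code")
	if code == "" {
		return CallbackResult{Err: errors.New("callback carried no authorization code")}
	}
	return CallbackResult{Code: code}
}

// VaultWriteArgs renders the vault CLI step that the listener would run on
// success, i.e. the manual "transfer the code" step, now automated.
// The "code" key name is assumed for illustration, not taken from the plugin.
func VaultWriteArgs(credsPath, code string) []string {
	return []string{"vault", "write", credsPath, "code=" + code}
}

// ListenOnce serves exactly one callback on addr and returns its result.
// addr is a loopback address chosen by the CLI; the provider must have been
// configured with the matching redirect URL.
func ListenOnce(addr, expectedState string) CallbackResult {
	results := make(chan CallbackResult, 1)
	srv := &http.Server{Addr: addr}
	srv.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		res := HandleCallback(expectedState, r.URL.Query())
		if res.Err != nil {
			http.Error(w, "callback rejected", http.StatusBadRequest)
		} else {
			fmt.Fprintln(w, "Authorization received; you may close this window.")
		}
		select {
		case results <- res: // first callback wins
		default: // later callbacks are dropped
		}
	})
	go srv.ListenAndServe() // error surfaces as a blocked receive; fine for a demo
	res := <-results
	srv.Close()
	return res
}

func main() {
	state, err := NewState()
	if err != nil {
		panic(err)
	}
	// Assumed loopback listener; the redirect URL registered at the provider
	// would be http://127.0.0.1:8250/callback?state=<state>.
	fmt.Println("waiting for provider redirect on 127.0.0.1:8250 with state", state)
	res := ListenOnce("127.0.0.1:8250", state)
	if res.Err != nil {
		fmt.Println("callback rejected:", res.Err)
		return
	}
	fmt.Println("would run:", VaultWriteArgs("oauth2/bitbucket/creds/my-user-auth", res.Code))
}
```

The state check is the part worth copying: the listener binds to loopback, so the only thing that distinguishes the real redirect from a stray request hitting that port is the state value, and it is compared in constant time before the code is looked at.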

impl commented 3 years ago

Hello!

I've spent a while (well, a year now) noodling on this and I think it would expand the scope of the plugin beyond what's reasonably feasible for us to implement and maintain (e.g., requiring handling browser requests and defining client-side interaction like redirects). If someone from the community wanted to propose this functionality in a PR, we would certainly consider it, but I don't think this is a candidate for us to develop at this time.

Thanks for the suggestion!