singularityhub / sregistry

server for storage and management of singularity images
https://singularityhub.github.io/sregistry
Mozilla Public License 2.0

Feature request: Oauth with FiWare #31

Open victorsndvg opened 6 years ago

victorsndvg commented 6 years ago

Hi all,

What do you think about providing an implementation of the authentication against FiWare through OAuth2?

https://www.fiware.org/

Please feel free to close this issue if you are not interested.

Thanks in advance! Víctor.

vsoch commented 6 years ago

The easy ones to do are via python social auth: https://python-social-auth.readthedocs.io/en/latest/backends/index.html#supported-backends. I can definitely look at this when some time opens up, but likely not soon (I'm a bit overloaded with things to do!)

If you want to jump in and PR to either sregistry or social auth (to add for other users), they have instructions here: https://python-social-auth.readthedocs.io/en/latest/backends/implementation.html

It might be a great project in the spirit of Hacktoberfest! I'll put a label here in case anyone else is looking for a Hacktoberfest project :)

victorsndvg commented 6 years ago

Thanks @vsoch ,

I'm very busy too ... :sweat_smile: , but I will try to take a look at this ASAP.

Another question: is there a way to test the sregistry login locally without a Twitter account?

Thanks, Víctor.

victorsndvg commented 6 years ago

Merry X-mas & happy new year @vsoch ,

I did the pull request #72 to include the fiware OAuth2 backend (thanks to @emepetres !). Let me know what you think about it. If you agree, we can iterate over the PR to get it ready to be accepted and merged.

An interesting use case with this backend is to deploy a local IDM as authentication server. We can also think about it.

Related to this use case, I would like to know if it's possible to give some privileges to users that are logged in using a particular social auth backend. Something similar to what is being done with LDAP:

```python
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_admin": "ou=...,dc=...,dc=..",
    "is_superuser": "ou=...,dc=...,dc=.."
}
```

Is it possible right now? Do you think it is interesting?

Thanks in advance!
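
The per-backend privilege mapping asked about in the comment above, sketched as a python-social-auth pipeline step (an added example, not part of the thread and not sregistry's code). The setting name `SOCIAL_AUTH_FLAGS_BY_BACKEND`, the backend name `fiware`, the role names and the `roles` field of the provider response are assumptions; the flag names are taken from the LDAP snippet above.

```python
from types import SimpleNamespace

# Hypothetical setting modelled on AUTH_LDAP_USER_FLAGS_BY_GROUP:
# backend name -> {user flag: role the identity provider must assert}.
SOCIAL_AUTH_FLAGS_BY_BACKEND = {
    "fiware": {"is_admin": "registry-admin", "is_superuser": "registry-superuser"},
}


def set_flags_by_backend(backend, user=None, response=None, *args, **kwargs):
    """Pipeline step: sync privilege flags from roles asserted by the IdP."""
    rules = SOCIAL_AUTH_FLAGS_BY_BACKEND.get(backend.name)
    if user is None or rules is None:
        return None  # backends that are not listed never change privileges
    raw = (response or {}).get("roles")
    if not isinstance(raw, list):
        raw = []  # a missing or malformed claim grants nothing
    asserted = {r["name"] for r in raw
                if isinstance(r, dict) and isinstance(r.get("name"), str)}
    changed = False
    for flag, role in rules.items():
        wanted = role in asserted  # False also revokes a flag set at an earlier login
        if getattr(user, flag, False) != wanted:
            setattr(user, flag, wanted)
            changed = True
    if changed:
        user.save()
    return None


def demo():
    """Run the step over constructed logins; returns (is_admin, is_superuser)."""
    def login(backend_name, response, **flags):
        user = SimpleNamespace(is_admin=False, is_superuser=False, save=lambda: None)
        user.__dict__.update(flags)
        set_flags_by_backend(SimpleNamespace(name=backend_name), user, response)
        return (user.is_admin, user.is_superuser)
    return {
        "fiware_admin": login("fiware", {"roles": [{"name": "registry-admin"}]}),
        "fiware_revoked": login("fiware", {"roles": []}, is_admin=True),
        "fiware_malformed": login("fiware", {"roles": "registry-admin"}),
        "twitter_claims_role": login("twitter", {"roles": [{"name": "registry-admin"}]}),
    }
```

A step like this would be listed in `SOCIAL_AUTH_PIPELINE` after the step that creates or loads the user, so that flags are recomputed on every login rather than only at account creation.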

vsoch commented 6 years ago

Thanks @victorsndvg ! For the PR, let's keep discussion on the PR itself. I'll re-iterate that I think the backend support is a fantastic idea, and the implementation to do would be having it as a plugin (akin to LDAP). For the general permissions question, could you write out how you see this working (and some examples) and please open a new issue? This issue is about integration with FiWare (and not this new idea). Thank you!

victorsndvg commented 6 years ago

Related to #72