Closed jdoupe closed 3 weeks ago
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
Hi @jdoupe,
We will accept this contribution and https://github.com/smallstep/cli/pull/1154, but they are not complete PRs, as they do not allow configuring the provisioners in a database and a linked CA.
I've added the details for this in a similar PR, see https://github.com/smallstep/certificates/pull/1796#issuecomment-2059739628
We will work on this, but it can take some time; you can also send us a more complete PR.
Similar to the other PR, the workaround is adding `"auth-param"` to the defaults.json so it sets those flags automatically.
@maraino,
Thanks for the feedback!
I've updated my branch here to include "Scopes" from https://github.com/smallstep/certificates/pull/1796 along with the linkedca provisioner bits. And to that end, I also created a branch on smallstep/linkedca to address the proto changes. (https://github.com/jdoupe/linkedca/tree/AuthParams).
I'll submit a PR for that when I get around to seeing if I can test the database and linked ca scenarios.
UPDATE: I'll also have to take a step back and update the CLI branch to accept scopes from the provisioner as well.
Confirmed functionality in "Remote Provisioner Management" configuration.
Linking related PRs for reference: https://github.com/smallstep/linkedca/pull/84 https://github.com/smallstep/cli/pull/1154
Name of feature:
Add "AuthParams" to OIDC provisioner.
Pain or issue this feature alleviates:
AuthParams (or "extra parameters for the authorization request") are sometimes a requirement for OIDC configurations. Someone had already added the capability as a command line parameter, but remote requests to a CA wouldn't be able to include any extra parameters.
Why is this important to the project (if not answered above):
Is there documentation on how to use this feature? If so, where?
Not absolutely sure where to update this, but it would entail the addition of an "authParams" key within an OIDC provisioner: e.g.
In what environments or workflows is this feature supported?
In what environments or workflows is this feature explicitly NOT supported (if any)?
Supporting links/other PRs/issues:
💔Thank you!