canonical-ci-engineering team mailing list archive

Thread
Date

cli authentication design decisions

To: CI Team <canonical-ci-engineering@xxxxxxxxxxxxxxxxxxx>
From: Joe Talbott <joe.talbott@xxxxxxxxxxxxx>
Date: Wed, 27 Aug 2014 11:49:54 -0400
User-agent: Mutt/1.5.21 (2010-09-15)

All,

Siva and I have been working on getting authentication working in the
UCI Engine and the cli in particular.  There are a few methods for
authorizing an access token via oauth2 for an insecure client.  Most
notably browser based and password based[1].  I'm thinking that we don't
want to mess with user passwords and would take that option off the
table.  This leads me to think we could add an access_token end-point on
the ticket-system (accessible via the webui-apache proxy) that simply
does the standard web server based authentication we're currently doing
for the webui and prints out the access token for the user to store in
their keyring.  I'm not sure if/how we can automate this further.  Does
anyone have ideas, suggestions, complaints, or other comments?

Thanks,
Joe


[1] http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#browser-based-apps

Follow ups

Re: cli authentication design decisions
From: Evan Dandrea, 2014-08-28
Re: cli authentication design decisions
From: Francis Ginther, 2014-08-27