github connector #1445

Closed
klizhentas opened this issue Nov 8, 2017 · 1 comment

klizhentas commented Nov 8, 2017

Description

We want to support github SSO natively. Github is not OIDC, but OAuth 2.0.

kind: github
version: v3
metadata:
  name: Gravitational Connector to Github
spec:
  # these are for Github OAuth 2.0 to work:
  redirect_url: https://localhost:3080/v1/webapi/github/callback
  client_id: client it
  client_secret: client secret

  # this map matches user's Github membership to a Teleport role
  teams_to_roles:
    - {organization: "gravitational", team: "interns", roles: ["interns"]}
    - {organization: "rackspace", team: "ssh-users", roles: ["users", "interns"]}

OSS version only has one role: "admins", so it would be nice for tctl create github-connector.yaml to print a warning if a user tries to set up a mapping for a non-existent group [useful for all connectors, actually].

Here is the flow:

  • User authenticates, we request teams scope for user to read team memberships.
  • We read team memberships, and map teams to user traits property that we have defined.

The rest of the flow is completely identical to the OIDC authentication. The only difference is that we populate "claims" by calling API of github directly.

This will give us flexibility to add different types of claims, e.g. repository based claims and real claims when they arrive.

Ev: edits

Update: [@r0mant] After discussion with @kontsevoy renamed "groups" to "teams" in resource spec to be consistent with Github terminology.
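
The flow described in the issue (read team memberships, then map them through teams_to_roles) as an added Go sketch; it is not Teleport's code. The type names, `MapRoles`, and the choices to skip undefined roles and to treat an empty result as a denied login are assumptions, and the memberships are constructed sample data.

```go
package main

import (
	"fmt"
	"sort"
)

// TeamKey identifies a GitHub team; TeamMapping mirrors one teams_to_roles entry.
type TeamKey struct{ Organization, Team string }
type TeamMapping struct {
	TeamKey
	Roles []string
}

// Spec is the teams_to_roles map from the connector spec in the issue.
var Spec = []TeamMapping{
	{TeamKey{"gravitational", "interns"}, []string{"interns"}},
	{TeamKey{"rackspace", "ssh-users"}, []string{"users", "interns"}},
}

// MapRoles returns the sorted, de-duplicated roles for the user's teams, plus
// the mapped roles missing from `defined` (the warning the issue asks for).
// Assumptions: undefined roles are never granted; empty roles means deny login.
func MapRoles(spec []TeamMapping, teams []TeamKey, defined map[string]bool) (roles, unknown []string) {
	member := map[TeamKey]bool{}
	for _, t := range teams {
		member[t] = true
	}
	seen := map[string]bool{}
	for _, m := range spec {
		for _, r := range m.Roles {
			if !defined[r] {
				unknown = append(unknown, m.Organization+"/"+m.Team+" -> "+r)
			} else if member[m.TeamKey] && !seen[r] {
				seen[r] = true
				roles = append(roles, r)
			}
		}
	}
	sort.Strings(roles)
	return roles, unknown
}

func main() {
	// Constructed memberships, as if read from the GitHub API after OAuth 2.0.
	teams := []TeamKey{{"rackspace", "ssh-users"}, {"gravitational", "docs"}}
	fmt.Println(MapRoles(Spec, teams, map[string]bool{"users": true, "interns": true}))
	fmt.Println(MapRoles(Spec, teams, map[string]bool{"admins": true})) // OSS: only "admins"
}
```

A team that appears in no mapping (here `gravitational/docs`) contributes nothing, so membership alone never grants a role.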

@kontsevoy

Meeting note: @klizhentas to think about the versioning theme, i.e. limit the version attribute specific to structure, or have a global "latest version"

hatched pushed a commit that referenced this issue Jan 11, 2023
* Rename assets to build_resources

* Add resources\bin to Path during installation on Windows

* Adjust docs related to USE_SYSTEM_FPM

It turns out you need that for deb packages too.

* Create symlink to bundled tsh on Linux targets

* after-install: Get rid of old symlink removal

* Expand story for QuickInput

* Make command suggestions stay in place

* Align suggestion icons to the top rather than center

This makes it easier to tell when one suggestion ends and another starts.

* Add install & uninstall cmds to command bar

* Exclude new commands from OSes other than macOS

* Implement commands for symlinking tsh