Tuesday, 2023/09/26
10:00 am ET
Terrell Russell, Kory Draughn, Alan King, Martin Flores, Harry Kodden (SURF), Martin Golasowski (IT4I), Lukas Vojacek (IT4I), Claudio Cacciari (SURF)
DISCUSSION
- OIDC/OAuth2 in HTTP API
- Active PR - irods/irods_client_http_api#75
- Nearly feature complete, PR is out of draft
- State is now handled via UUID
- User mapping initially looking at custom 'irods_username' claim from provider
- Considering an irods scope here?
- Alternative mapping will happen in a separate PR, perhaps after initial release
- Refresh token in a separate PR, created a new issue
- Considering deprecating temporary passwords
- Have contacted Maastricht about their use of this via PHP(!) and now Python
- Use case was WebDAV usage (web portal generates and shows temp password)
- Need native auth b/c webdav doesn't know how to PAM
- Maastricht is PAM/SSO everywhere else
- rcGetTemporaryPassword and rcGetTemporaryPasswordForOther
- Possible workaround/alternate use case is to use Limited Password
- Add LimitedPassword implementation to PRC/Jargon
- Rework TemporaryPassword to call LimitedPassword in the server
- SURF says Davrods can use PAM
- Next Meeting
- Oct 2023