[auth] IDP access tokens over hail-minted tokens #2
This is a really great RFC. I'm really glad we're doing these now. I like that you have encoded all this knowledge about authentication, OAuth2, and how Hail is using it into this document. This is a great resource.
I think we should write another one about how we plan to move secrets through the system (aka the metadata server impersonation scheme for Google and whatever we plan to do in Azure).
@danking Ready for another look
Sorry I know I'm delinquent. My top priority tomorrow is this.
rfc/0001-oauth-access-tokens.rst
Unfortunately Google and Azure have slightly different approaches to this interaction. | ||
Both scenarios will involve installing an OAuth2 client credential on the user's machine | ||
to be used by the Hail python library, and they will involve similar changes to the ``auth`` |
capitalize Python throughout unless referring to the binary.
Let's capitalize Python, but otherwise this is good to merge.
…13131) Deprecate hail-minted API keys in favor of using access tokens from the identity providers already associated with user identities. For more context and a high-level overview of the implementation, see [this RFC](hail-is/hail-rfcs#2)
No description provided.