Ensure CLI and web console clients are public OAuth clients

[liggitt]

Lays the groundwork for authorization code flows from these clients in 1.4

[liggitt]

[test]

[enj]

I am assuming you are using "" here to be explicit.

[liggitt]

right

[enj]

@liggitt Minor comment, but otherwise LGTM - I had a similar change in #10225 which I can remove once this is merged.

[liggitt]

@jwforres @spadgett this means that the development web console wouldn't be allowed as a redirect out of the box. do you have instructions or a bring-up script for starting an openshift master where you could include instructions to allow redirects to https://localhost:9000?

[jwforres]

almost everyone on the UI team is using oc cluster up now, what are the steps that would need to be run? cc @csrwng

@rhamilto has a README he has been working on for environment set up instructions for UI development

[rhamilto]

@rhamilto has a README he has been working on for environment set up instructions for UI development

https://github.com/rhamilto/origin-web-console/wiki/Dev-env-setup

[liggitt]

what are the steps that would need to be run?

after the master starts, add https://localhost:9000 to the redirectURIs list

oc patch oauthclient/openshift-web-console -p '{"redirectURIs":["https://localhost:9000"]}'

[jwforres]

is that going to delete the existing redirectURI for the embedded console,
do we need to specify both?

On Mon, Sep 12, 2016 at 9:39 AM, Jordan Liggitt [email protected]
wrote:

In pkg/cmd/server/origin/auth_config.go
#10819 (comment):

assetPublicURLs := []string{}
if !options.DisabledFeatures.Has(configapi.FeatureWebConsole) {

•   assetPublicURLs = []string{options.OAuthConfig.AssetPublicURL, "http://localhost:9000", "https://localhost:9000"}
  

•   assetPublicURLs = []string{options.OAuthConfig.AssetPublicURL}
  

what are the steps that would need to be run?

after the master starts, add https://localhost:9000 to the redirectURIs
list

oc patch oauthclient/openshift-web-console -p '{"redirectURIs":["https://localhost:9000"]}'

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/openshift/origin/pull/10819/files/a0578bff9477ca300b23c0f364bcdf929e9c69d5#r78373970,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABZk7cNJlUNd4-lBSnasn3Ub0ftXo-ZVks5qpVYqgaJpZM4J17f2
.

[liggitt]

with the patchStrategy:"merge" change, a strategic patch (the default for oc patch) will merge the given list with the existing list

[csrwng]

I don't think it's that far-fetched for 'oc cluster up' to simply add localhost:9000 as a redirect URI. It's meant to be a tool to help us get environments up for development, and this seems like a common use case. I'll open an issue.

@liggitt can you think of bad things happening because we add that as a default for cluster up?

[liggitt]

that seems reasonable in a cluster up scenario

[openshift-bot]

continuous-integration/openshift-jenkins/test Waiting: Determining build queue position

[openshift-bot]

Evaluated for origin test up to f4fdc8c

[openshift-bot]

continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/8808/)

[liggitt]

[merge]

[openshift-bot]

Evaluated for origin merge up to f4fdc8c

[openshift-bot]

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/8808/) (Image: devenv-rhel7_5085)