webhook: Add OpenID based authentication (!161) · Merge requests · infrastructure / qa-report-app

Detlev Casanova requested to merge wip/detlev/add-openid-auth into master Oct 07, 2022

The OpenID feature is implemented with the requests-oauthlib and pyjwt python modules.

The default behaviour is still to use gitlab authentication but openid can be used by adding the needed information in the configuration yaml file:

auth-method: openid
openid:
  well_known_url: "https://gitlab.apertis.org/.well-known/openid-configuration"
  client_id: "${GITLAB_APP_CLIENT_ID}"
  client_secret: "${GITLAB_APP_CLIENT_SECRET}"

A Gitlab Application must be configured on Gitlab, with the openid scope and with the callback URL set to https://qa.apertis.org/openid_callback

Marked as draft because this needs to be merged after !160 (merged)

https://phabricator.apertis.org/T9272

Edited Oct 12, 2022 by Detlev Casanova

webhook: Add OpenID based authentication

Merge request reports