Skip to content

Add an embedded OAuth2 issuer#3151

Draft
bbockelm wants to merge 12 commits intoPelicanPlatform:mainfrom
bbockelm:embedded-oauth
Draft

Add an embedded OAuth2 issuer#3151
bbockelm wants to merge 12 commits intoPelicanPlatform:mainfrom
bbockelm:embedded-oauth

Conversation

@bbockelm
Copy link
Collaborator

@bbockelm bbockelm commented Feb 20, 2026

This is a draft of server-side code that would replace the proxy to the external Java package.

bbockelm and others added 3 commits February 20, 2026 07:41
@bbockelm
Initial review round of embedded fosite issuer
708804f
@bbockelm
Add pelican credentials token setup command with credential file support
d21faba 
- Add Client.CredentialFile parameter to docs/parameters.yaml
- Regenerate param files with new Client_CredentialFile parameter
- Add Client_CredentialFile override in GetEncryptedConfigName()
- Add SaveConfigContentsToFile() for saving credentials to specific paths
- Add HasEncryptedPassword() to check if credential file is password-protected
- Create credentials_token_setup.go with the setup subcommand
- Add --no-password, --credential-file, --read, --write flags
- Add tests for new functionality

Co-authored-by: bbockelm <1093447+bbockelm@users.noreply.github.com>
@bbockelm
Next round of human-reviewed changes
8b48284
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 20, 2026
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 20, 2026
View reviewed changes
@bbockelm bbockelm linked an issue Feb 21, 2026 that may be closed by this pull request
Embed an OAuth2 issuer in Pelican #3153
Open
@bbockelm bbockelm added enhancement New feature or request origin Issue relating to the origin component labels Feb 21, 2026
@bbockelm
Copy link
Collaborator Author

bbockelm commented Feb 21, 2026

@CannonLock - can you take a look at this? Everything works but the redirect-after-login (which still adds the /view prefix). I would be fine if we switched from server-side rendering of the consent pages to the Next.js application ... but that's well outside my capabilities currently.

@CannonLock
Fixup redirection when returning from login
a10aae8 
Use app router when routing to app and use window routing when routing to page external to app but relative to domain.

Signed-off-by: clock <clock@wisc.edu>
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 23, 2026
View reviewed changes
@bbockelm
Copy link
Collaborator Author

bbockelm commented Feb 26, 2026

@CannonLock - can you fix the Linter issue?

@CannonLock
Lint
4e83e66 
Signed-off-by: clock <clock@wisc.edu>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@h2zh h2zh Awaiting requested review from h2zh

@brianaydemir brianaydemir Awaiting requested review from brianaydemir

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

enhancement New feature or request origin Issue relating to the origin component

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Embed an OAuth2 issuer in Pelican

3 participants

@bbockelm @CannonLock