
Commit 5df728e

feat: Add support for the oidcaccesstoken authentication (#1332)
Add support for authenticating with the access token issued by the trusted federated idp.
1 parent 94e8c39 commit 5df728e


8 files changed

+418
-29
lines changed


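--- a/doc/src/auth.md
+++ b/doc/src/auth.md
@@ -39,6 +39,12 @@ Rust based tools support typical
 [`clouds.yaml`/`secure.yaml`](https://docs.openstack.org/openstacksdk/latest/user/config/configuration.html)
 files for configuration.
 
+Most authentication methods support interactive data provisioning. When certain
+required auth attributes are not provided in the configuration file or through
+the supported cli arguments (or environment variables) clients that implement
+`AuthHelper` interface can receive such data from the user. For example when
+using the cli a prompt will appear. In the tui a popup requests the user input.
+
 ### Authentication methods
 
 Currently only a subset of all possible authentication methods is covered with
@@ -135,6 +141,19 @@ required to specify user data when using application credential name
 Either `application_credential_id` is required or `application_credential_name`
 in which case additionally the user information is required.
 
+#### v3OidcAccessToken
+
+Authentication with the OIDC access token is supported in the same way like it
+is done by the python OpenStack tools.
+
+Required configuration:
+
+- `auth_type` = `v3oidcaccesstoken` (or `oidaccesstoken`)
+- `identity_provider_id` - an identity provider id
+- `protocol` - identity provider protocol (usually `oidc`)
+- `access_token` - Access token of the received from the remote identity
+provider.
+
 
 ## Caching
 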
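--- a/openstack_sdk/src/auth.rs
+++ b/openstack_sdk/src/auth.rs
@@ -33,6 +33,7 @@ pub mod authtoken_scope;
 pub mod v3applicationcredential;
 #[cfg(feature = "keystone_ng")]
 pub mod v3federation;
+pub mod v3oidcaccesstoken;
 pub mod v3password;
 pub mod v3token;
 pub mod v3totp;
@@ -42,6 +43,7 @@ use authtoken::{AuthToken, AuthTokenError};
 use authtoken_scope::AuthTokenScopeError;
 #[cfg(feature = "keystone_ng")]
 use v3federation::FederationError;
+use v3oidcaccesstoken::OidcAccessTokenError;
 use v3websso::WebSsoError;
 
 /// Authentication error
@@ -76,6 +78,14 @@ impl From<AuthTokenScopeError> for AuthError {
 }
 }
 }
+
+impl From<OidcAccessTokenError> for AuthError {
+fn from(source: v3oidcaccesstoken::OidcAccessTokenError) -> Self {
+Self::AuthToken {
+source: source.into(),
+}
+}
+}
 impl From<WebSsoError> for AuthError {
 fn from(source: v3websso::WebSsoError) -> Self {
 Self::AuthToken {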
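Review bot: The new `impl From<OidcAccessTokenError> for AuthError` has no doc comment saying that the error ends up inside `AuthError::AuthToken`, where the `OidcAccessToken` variant added in authtoken.rs renders it with `{}`. That matters for this method because it carries a bearer access token, and `OidcAccessTokenError` is defined outside this section, so it cannot be checked here whether any of its variants formats request or config data. I would add `/// Wraps an OIDC access-token auth error; its Display output must never include the token value.` above the impl. A blank line between its closing `}` and `impl From<WebSsoError>` would also match the blank line the addition opens with.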

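--- a/openstack_sdk/src/auth/authtoken.rs
+++ b/openstack_sdk/src/auth/authtoken.rs
@@ -29,8 +29,8 @@ use crate::auth::auth_token_endpoint as token_v3;
 #[cfg(feature = "keystone_ng")]
 use crate::auth::v3federation;
 use crate::auth::{
-auth_helper::AuthHelper, authtoken_scope, v3applicationcredential, v3password, v3token, v3totp,
-v3websso, AuthState,
+auth_helper::AuthHelper, authtoken_scope, v3applicationcredential, v3oidcaccesstoken,
+v3password, v3token, v3totp, v3websso, AuthState,
 };
 use crate::config;
 use crate::types::identity::v3::{AuthReceiptResponse, AuthResponse};
@@ -118,6 +118,14 @@ pub enum AuthTokenError {
 source: v3applicationcredential::ApplicationCredentialError,
 },
 
+/// Oidc Access Token autherror
+#[error("OIDC access token authentication error: {}", source)]
+OidcAccessToken {
+/// The error source
+#[from]
+source: v3oidcaccesstoken::OidcAccessTokenError,
+},
+
 /// Password Identity error
 #[error("Password based authentication error: {}", source)]
 Password {
@@ -244,6 +252,8 @@ pub enum AuthType {
 #[cfg(feature = "keystone_ng")]
 /// Federation
 V3Federation,
+/// OIDC Access token
+V3OidcAccessToken,
 /// v3 Password
 V3Password,
 /// v3 Token
@@ -267,6 +277,7 @@ impl FromStr for AuthType {
 "v3password" | "password" => Ok(Self::V3Password),
 #[cfg(feature = "keystone_ng")]
 "v3federation" | "federation" => Ok(Self::V3Federation),
+"v3oidcaccesstoken" | "accesstoken" => Ok(Self::V3OidcAccessToken),
 "v3token" | "token" => Ok(Self::V3Token),
 "v3totp" => Ok(Self::V3Totp),
 "v3multifactor" => Ok(Self::V3Multifactor),
@@ -295,6 +306,7 @@ impl AuthType {
 Self::V3Password => "v3password",
 #[cfg(feature = "keystone_ng")]
 Self::V3Federation => "v3federation",
+Self::V3OidcAccessToken => "v3oidcaccesstoken",
 Self::V3Token => "v3token",
 Self::V3Multifactor => "v3multifactor",
 Self::V3Totp => "v3totp",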
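Review bot: The short alias accepted by the added `FromStr` arm, `"v3oidcaccesstoken" | "accesstoken"`, does not match the one documented in doc/src/auth.md in this same commit, which lists `oidaccesstoken`. A user who copies the documented value would presumably land in the match's fallback arm, which lies outside this hunk, and get an unsupported auth type instead of the new method. Pick one spelling and use it in both places. If `oidcaccesstoken` is what the doc meant, the arm could read `"v3oidcaccesstoken" | "oidcaccesstoken" | "accesstoken" => Ok(Self::V3OidcAccessToken),`, with the doc corrected to match. The doc comment on the new error variant also has a typo: `/// Oidc Access Token autherror` would read better as `/// OIDC access token authentication error`.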
