| *** jamesmcarthur has quit IRC | 00:04 | |
| *** jamesmcarthur has joined #openstack-keystone | 00:05 | |
| *** jamesmcarthur has quit IRC | 00:09 | |
| *** jamesmcarthur has joined #openstack-keystone | 00:27 | |
| *** spatel has joined #openstack-keystone | 00:50 | |
| *** gyee has quit IRC | 00:54 | |
| *** spatel has quit IRC | 00:54 | |
| *** spatel has joined #openstack-keystone | 00:59 | |
| *** jamesmcarthur has quit IRC | 01:05 | |
| *** jamesmcarthur has joined #openstack-keystone | 01:32 | |
| *** jamesmcarthur has quit IRC | 01:49 | |
| *** jamesmcarthur has joined #openstack-keystone | 01:49 | |
| *** jamesmcarthur has quit IRC | 01:54 | |
| *** jamesmcarthur has joined #openstack-keystone | 02:24 | |
| *** jamesmcarthur has quit IRC | 02:34 | |
| *** dviroel has quit IRC | 02:44 | |
| *** jmlowe has quit IRC | 03:00 | |
| *** jamesmcarthur has joined #openstack-keystone | 03:08 | |
| *** jmlowe has joined #openstack-keystone | 03:11 | |
| *** jamesmcarthur has quit IRC | 03:11 | |
| *** jamesmcarthur has joined #openstack-keystone | 03:11 | |
| *** jamesmcarthur has quit IRC | 03:20 | |
| *** jamesmcarthur has joined #openstack-keystone | 04:25 | |
| *** jamesmcarthur has quit IRC | 04:29 | |
| *** evrardjp has quit IRC | 04:33 | |
| *** evrardjp has joined #openstack-keystone | 04:33 | |
| *** spatel has quit IRC | 05:07 | |
| *** abdysn has joined #openstack-keystone | 05:07 | |
| *** tkajinam has quit IRC | 05:21 | |
| *** tkajinam has joined #openstack-keystone | 05:22 | |
| *** vishalmanchanda has joined #openstack-keystone | 05:35 | |
| *** bengates has joined #openstack-keystone | 07:25 | |
| *** rcernin has quit IRC | 07:52 | |
| *** lbragstad has quit IRC | 08:08 | |
| *** rcernin has joined #openstack-keystone | 08:45 | |
| *** bengates has quit IRC | 08:59 | |
| *** bengates has joined #openstack-keystone | 09:01 | |
| *** lbragstad has joined #openstack-keystone | 09:04 | |
| *** rcernin has quit IRC | 09:33 | |
| *** rcernin has joined #openstack-keystone | 09:34 | |
| *** jamesmcarthur has joined #openstack-keystone | 09:38 | |
| *** jamesmcarthur has quit IRC | 09:42 | |
| *** vishalmanchanda has quit IRC | 09:44 | |
| *** rcernin has quit IRC | 09:58 | |
| *** rcernin has joined #openstack-keystone | 09:59 | |
| *** rcernin has quit IRC | 10:14 | |
| *** rcernin has joined #openstack-keystone | 10:25 | |
| *** vishalmanchanda has joined #openstack-keystone | 10:25 | |
| *** Abdallahyas has joined #openstack-keystone | 11:15 | |
| *** abdysn has quit IRC | 11:19 | |
| *** bengates has quit IRC | 11:19 | |
| *** bengates has joined #openstack-keystone | 11:20 | |
| *** shyamb has joined #openstack-keystone | 11:26 | |
| *** dviroel has joined #openstack-keystone | 11:26 | |
| *** shyamb has quit IRC | 11:39 | |
| *** raildo has joined #openstack-keystone | 11:42 | |
| *** shyamb has joined #openstack-keystone | 11:58 | |
| *** rcernin has quit IRC | 12:11 | |
| *** Abdallahyas has quit IRC | 12:19 | |
| *** abdysn has joined #openstack-keystone | 12:20 | |
| *** moguimar has joined #openstack-keystone | 12:32 | |
| *** shyamb has quit IRC | 12:53 | |
| *** spatel has joined #openstack-keystone | 12:53 | |
| *** shyamb has joined #openstack-keystone | 12:58 | |
| *** shyamb has quit IRC | 12:58 | |
| *** moguimar has left #openstack-keystone | 13:22 | |
| *** jamesmcarthur has joined #openstack-keystone | 13:56 | |
| *** redrobot has quit IRC | 14:22 | |
| *** Abdallahyas has joined #openstack-keystone | 14:23 | |
| *** abdysn has quit IRC | 14:25 | |
| *** Abdallahyas has quit IRC | 14:27 | |
| *** jamesmcarthur has quit IRC | 14:38 | |
| *** jamesmcarthur has joined #openstack-keystone | 14:40 | |
| *** jamesmcarthur has quit IRC | 14:51 | |
| *** jamesmcarthur has joined #openstack-keystone | 14:58 | |
| *** gshippey has joined #openstack-keystone | 15:02 | |
| gshippey | Hi all, is improving OIDC CLI support on the agenda for wallaby? We've been toying the idea of adding pkce support to our deployment, we are currently using https://github.com/indigo-dc/keystoneauth-oidc-authz-code which is working nicely for us aside from having to share the client secret. https://review.opendev.org/#/c/330006/ had some negative reviews because it launched a browser but I see no better way | 15:13 |
|---|---|---|
| gshippey | to do this - have attitudes changed or is that still a no go? | 15:13 |
| *** jamesmcarthur has quit IRC | 15:33 | |
| *** jamesmcarthur has joined #openstack-keystone | 15:49 | |
| *** gyee has joined #openstack-keystone | 15:54 | |
| *** bengates has quit IRC | 16:09 | |
| *** bengates has joined #openstack-keystone | 16:09 | |
| *** bengates has quit IRC | 16:18 | |
| knikolla | gshippey: there's a spec that was merged to backlog with regards to that https://review.opendev.org/#/c/373983/ | 16:27 |
| jrosser | knikolla: hi! gshippey and i are on the same team here working on this - it's a bit difficult to untangle from the spec what is to be done about CLI specifically and what for keystone itself | 16:36 |
| * jrosser away for a bit, back later | 16:37 | |
| knikolla | jrosser: i'm not familiar with pkce, however if the keystone plugin described in the spec is implemented, then that should fix the current issues in the CLI. | 17:02 |
| jrosser | pkce means you don't have to share a client secret with CLI users | 17:03 |
| jrosser | so our dilema is should we hack on / fork / contribute to https://github.com/indigo-dc/keystoneauth-oidc-authz-code to add support for that | 17:04 |
| jrosser | or ideally from a user experience point of view this should all 'just work' with the regular openstack cli tools | 17:05 |
| knikolla | jrosser: from a user experience, once an openid connect specific plugin is implemented in keystone as per the spec, it will just work. we can then implement support for pkce as well in keystoneauth. | 17:09 |
| knikolla | if you need something right now, I guess forking/contributing to the keystoneauth plugin gets you something that works. | 17:09 |
| *** vishakha has joined #openstack-keystone | 17:16 | |
| *** vishakha_ has joined #openstack-keystone | 17:17 | |
| *** Guest75569 has joined #openstack-keystone | 17:21 | |
| *** Guest75569 is now known as redrobot | 17:23 | |
| *** jamesmcarthur has quit IRC | 17:25 | |
| *** vesper11 has joined #openstack-keystone | 17:25 | |
| jrosser | right - the proposed keystone plugin looks like a substantial piece of work | 17:36 |
| *** jamesmcarthur has joined #openstack-keystone | 17:41 | |
| *** vishakha has quit IRC | 19:25 | |
| *** vishakha_ has quit IRC | 19:25 | |
| *** gshippey has quit IRC | 19:28 | |
| *** jamesmcarthur has quit IRC | 20:51 | |
| *** jamesmcarthur has joined #openstack-keystone | 20:56 | |
| *** jamesmcarthur has quit IRC | 21:19 | |
| *** raildo has quit IRC | 21:25 | |
| *** jamesmcarthur has joined #openstack-keystone | 21:26 | |
| *** spatel has quit IRC | 21:27 | |
| *** rcernin has joined #openstack-keystone | 22:16 | |
| *** vishalmanchanda has quit IRC | 22:34 | |
| *** rcernin has quit IRC | 22:45 | |
| *** rcernin has joined #openstack-keystone | 22:50 | |
| *** rcernin has quit IRC | 22:51 | |
| *** rcernin has joined #openstack-keystone | 22:51 | |
| *** hoonetorg has quit IRC | 23:22 | |
| *** bnemec has quit IRC | 23:22 | |
| *** zigo has quit IRC | 23:23 | |
| *** zigo has joined #openstack-keystone | 23:24 | |
| *** bnemec has joined #openstack-keystone | 23:24 | |
| *** hoonetorg has joined #openstack-keystone | 23:34 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!