Andreas Kupries

Some notes # Summary Of The Old Spike 1. The spike is rooted in Epinio version 0.20. Epinio still had a builtin `epinio installer` command and function at that point....

More notes # Spike Dex 1. Deploy Dex helm chart as sub chart of epinio. Is the version still 0.5, a year later ? Translate the old values.yaml for that....

# Details from the old spike |What|Where| |---|---| |Sources|https://github.com/dexidp/dex| |Chart src|https://github.com/dexidp/helm-charts| |Repo|`helm repo add dex https://charts.dexidp.io``helm search repo dex`| |Current|chart `0.9.0` for dex `2.32.0`| |Previous|chart `0.5.0` for dex `2.29.0`| |DexDeploymentID|"dex"|...

Regarding question `Fallback to the old user auth (secrets) for default setup ?` note the key `config.staticPasswords`. It seems to be dex's equivalent of epinio's `api.users` key ... Might be...

The logs seen are the logs provided by the paketo builder and buildpacks as they process the app sources. Epinio itself has not other information. The best possibility would be...

The staging runs in its own pod and container, and the only code in that container is the builder, and the buildpacks. Only they can report any issues they see,...

Confirmed `dex` as properly running and accessible by retrieving `https://dex./.well-known/openid-configuration`. (discovery endpoint)

Trying the dex example-app fails when using https access, with a `509: certificate signed by unknown authority`. This happens even when adding (?)/using the epinio ca cert we get from...

Flow refs - https://darutk.medium.com/diagrams-and-movies-of-all-the-oauth-2-0-flows-194f3c3ade85 - https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow - https://auth0.com/docs/get-started/authentication-and-authorization-flow/which-oauth-2-0-flow-should-i-use - https://auth0.com/docs/get-started/authentication-and-authorization-flow/which-oauth-2-0-flow-should-i-use#is-the-client-a-native-mobile-app- Reading the old spike in light of the above it seems that - The epinio server serves as the client...

> Now that I think again, what I suggest doesn't make sense, does it? What would the policy block the creation on? The end goal is to prevent the user...