Mark Laing
Mark Laing
I'll pick this one up next pulse :)
Given that `access_token_issuer` is not part of the OIDC spec and you have demonstrated that this can be circumvented I don't think we're likely to address this. I realise that...
Yes. We will not be adding a separate issuer config for access tokens. ADFS will be supported via sessions (see draft PR https://github.com/canonical/lxd/pull/15030) and setting the access token issuer to...
Few points from meeting: 1. Summary of which endpoints have been moved where and why. Anything `/internal` should be something that a client will never call. Any changes need careful...
Initial thoughts on this: 1. We shouldn't fail if we can't encrypt the refresh token. The client has authenticated at this point, so we can discard the refresh token and...
> > 2. The session ID could either reference a long lived operation or a new identity type `OIDC Client (session)`, the metadata would contain the session secret and their...
> [@mionaalex](https://github.com/mionaalex) is ADFS still unsupported ? It is, but #16476 will imminently add support in `latest/edge`
Just seen it here on a btrfs run: https://github.com/canonical/lxd/actions/runs/16175768884/job/45660861642#step:15:93486
Another btrfs one: https://github.com/canonical/lxd/actions/runs/16261989043/job/45909663658#step:15:93851
Hi @IrvingMg thanks for your interest in the project! For this issue it will be best to wait until #17016 is merged as you will almost certainly encounter rebase conflicts...