cachepot
cachepot copied to clipboard
auth0 support
Currently we have some https://github.com/mozilla specific auth bits in our code base.
It'd be preferable to not break usability for mozilla
-folks in case we ever wanted to re-unite the efforts, but we also should be wary of dragging on untested code.
Proposal:
Expand the mozilla specifc auth of the client to something that is more generalized, akin to become a generalized auth0
backend.
If we are to pick yet another centralized solution for consumer auth, it makes more sense to rely on something widely-deployed like Github (or Google) as an auth provider, and not intriduce yet another proprietary third-party into the mix. Alternatively, we might build on top of something FOSS and self-hosted (like Ory, Keycloak or Teleport) or even just generic configurable SAML provider for this.
For mutual authentication of the builder/cache/scheduler something really simplistic working at the deploy-time (with no runtime reconfiguration) would be enough.