
Proposal for Social Login implementation

Open andaaron opened this issue 3 years ago • 3 comments

Credit for investigation into possible alternatives goes to Raul Kele and Alex Stan. Diagrams by Alex Stan.

Signed-off-by: Andrei Aaron [email protected]

What type of PR is this? feature documentation

Which issue does this PR fix: Does not fix but it proposes a fix for https://github.com/project-zot/zot/issues/709 and https://github.com/project-zot/zot/issues/710

What does this PR do / Why do we need it: It proposes design alternatives for 'social login' using GitHub/GitLab/Google.

Does this PR introduce any user-facing change?: No, but if we implement the proposal it will.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

andaaron avatar Sep 08 '22 18:09 andaaron

Codecov Report

Merging #775 (4327913) into main (f3faae0) will decrease coverage by 0.02%. The diff coverage is n/a.

@@            Coverage Diff             @@
##             main     #775      +/-   ##
==========================================
- Coverage   88.68%   88.66%   -0.03%     
==========================================
  Files          66       66              
  Lines       12866    12866              
==========================================
- Hits        11410    11407       -3     
- Misses       1136     1139       +3     
  Partials      320      320              
Impacted Files Coverage Δ
pkg/cli/root.go 93.76% <0.00%> (-1.44%) :arrow_down:
pkg/api/routes.go 97.91% <0.00%> (+0.29%) :arrow_up:


codecov[bot] avatar Sep 08 '22 19:09 codecov[bot]

The authentication flow is understood, but I would like to see details on how authorization also works once we have the user authenticated.

rchamarthy avatar Sep 09 '22 16:09 rchamarthy

> The authentication flow is understood, but I would like to see details on how authorization also works once we have the user authenticated.

The authorization flow is the same as the one we use now. The GitHub tokens do not contain information on user permissions (and we don't have a way to decode them even if they did). The proposal is to assign specific policies to the user email in the zot config.json as we support now, assuming we don't have a large number of users for which we need to manually configure the policies (we can leverage default policies).

andaaron avatar Sep 09 '22 16:09 andaaron

Let's close this as social login support was merged in https://github.com/project-zot/zot/pull/1381. The UI side needs to get some updates, and should be ready soon.

andaaron avatar Jul 10 '23 09:07 andaaron