Tuesday, 2023/07/25
10:00 am ET
Terrell Russell, Kory Draughn, Alan King, Martin Flores, Harry Kodden (SURF), Bruno Canning (Sanger), Lukas Vojacek (IT4I), Claudio Cacciari (SURF)
DISCUSSION
- Have merged iinit improvements
- irods/irods_client_icommands#338
- Added new prompts to iinit for 4.3.1
- SSL and authentication scheme
- Allows for setup of these items without touching the .json file manually after setup
- Change: Will save environment file, even with a failed authentication
- New server-side function for verifying credentials without logging in
- For native authentication, to be used alongside rc_switch_user (coming in 4.3.1)
- Improves performance for HTTP API
- At UGM, showed auth, 133 requests/sec, much slower than other operations
- No performance measurements yet, still WIP
- OIDC/OAuth2 in HTTP API
- Depends on HTTP API, which depends on iRODS 4.3.1
- Demoed at UGM, first flow - resource owner password credentials grant
- As mentioned at UGM, deprecated by community in draft specs
- https://slides.com/irods/ugm2023-investigating-oauth2-and-openid-connect-oidc/#/13
- New/additional flow is WIP, authorization code grant
- Very nearly code complete
- https://slides.com/irods/ugm2023-investigating-oauth2-and-openid-connect-oidc/#/11
- Harry says industry standard
- Diagrams visible at the links above
- Direct link to specification https://datatracker.ietf.org/doc/html/rfc6749#section-4
- Next Meeting
- Aug 2023