Tuesday, 2024/02/27
10:00 am ET
Terrell Russell, Kory Draughn, Alan King, Martin Flores, Claudio Cacciari (SURF), Mike Conway (NIEHS)
DISCUSSION
- OIDC/OAuth2 in HTTP API
- Running as client working with two flows
- Still planning to remove soon-to-be-deprecated flow once spec is official
- Running as a protected resource nearing completion
- irods/irods_client_http_api#252
- Just takes an OAuth access token
- Just introspection endpoint for now
- offline validation of JWT probably later
- special google validation would be separate
- Will be released as 0.3.0 once PR is merged
- Implemented user mapping
- Allows admins to require N properties to match before granting access
- Support for confidential clients
- Running as client working with two flows
- pam_interactive
- Fixed expiration time being bound to a timezone (UTC)
- Now uses epoch time (Thanks, Leiden!)
- Added builder Docker images for 4.3.1-supported platforms (sans Ubuntu 18)
- Updated CMakeLists build and packaging logic to be more in line with other iRODS projects
- Initial release within a month or so, definitely by UGM
- Fixed expiration time being bound to a timezone (UTC)
- TRiRODS in February - Harry and Alan
- Demonstrated with 4.3.1 + pam_interactive build
- pam_interactive iRODS Authentication Plugin and OIDC
- https://www.youtube.com/watch?v=heFIGvlHhck
- Next Meeting
- March 2024