Implement out of band OAuth. #80

wlynch · 2022-06-20T03:53:07Z

Summary

This change adds out of band OAuth support to allow users to generate
OIDC tokens even if their current session does not support opening a
brower.

This works by reading/writing directly to the user's TTY, bypassing
stdin/stdout that is being captured by Git.

Big thanks to @benmoss for doing the initial leg-work here.

This change is dependent on sigstore/sigstore#514, so starting off as draft (even after this is submitted, we should double check the out-of-band flow - I was having trouble with the page redirects, though I was able to confirm that this works by nabbing the code from the devtools console).

Ticket Link

Fixes #20

Release Note

Adds support for out-of-band interactive flows to add support for SSH and other sessions where web browsers are not directly present.

This change adds out of ban OAuth support to allow users to generate OIDC tokens even if their current session does not support opening a brower. This works by reading/writting directly to the user's TTY, bypassing stdin/stdout that is being captured by Git. Co-authored-by: Ben Moss <benm@vmware.com> Signed-off-by: Billy Lynch <billy@chainguard.dev>

wlynch force-pushed the tty branch 7 times, most recently from f8a0edd to d724ad9 Compare June 24, 2022 17:04

wlynch force-pushed the tty branch from d724ad9 to 0ec8353 Compare June 24, 2022 17:09

wlynch marked this pull request as ready for review June 24, 2022 17:11

wlynch requested a review from imjasonh June 24, 2022 17:11

imjasonh approved these changes Jun 24, 2022

View reviewed changes

wlynch merged commit c52c82e into sigstore:main Jun 24, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Implement out of band OAuth. #80

Implement out of band OAuth. #80

Uh oh!

Uh oh!

Uh oh!

Implement out of band OAuth. #80

Implement out of band OAuth. #80

Uh oh!

Conversation

Uh oh!

Summary

Ticket Link

Release Note

Uh oh!

Uh oh!