miki3421 opened a new pull request, #26: URL: https://github.com/apache/openserverless-admin-api/pull/26
## Summary This PR adds an OIDC-based authentication bridge to `openserverless-admin-api`, enabling Keycloak or another OIDC provider to authenticate users and map them to OpenServerless namespaces. ## Changes - Add OIDC JWT validation through JWKS. - Add deterministic SSO username to namespace mapping. - Add OIDC login endpoint compatible with the existing OpenServerless login response shape. - Add backend-managed OIDC device-flow endpoints. - Support optional namespace auto-provisioning through `WhiskUser`. - Preserve existing username/password authentication behavior. - Add unit tests for token validation, namespace mapping, OIDC login, and device flow. ## Validation - `uv run python -m unittest discover tests` - Result: 20 tests passed. ## Notes This keeps OpenWhisk technical authentication based on `uuid:key` unchanged. OIDC is introduced at the Admin API boundary as a bridge between external identity and existing OpenServerless namespace credentials. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
