miki3421 opened a new pull request, #26:
URL: https://github.com/apache/openserverless-admin-api/pull/26

   ## Summary
   
   This PR adds an OIDC-based authentication bridge to 
`openserverless-admin-api`, enabling Keycloak or another OIDC provider to 
authenticate users and map them to OpenServerless namespaces.
   
   ## Changes
   
   - Add OIDC JWT validation through JWKS.
   - Add deterministic SSO username to namespace mapping.
   - Add OIDC login endpoint compatible with the existing OpenServerless login 
response shape.
   - Add backend-managed OIDC device-flow endpoints.
   - Support optional namespace auto-provisioning through `WhiskUser`.
   - Preserve existing username/password authentication behavior.
   - Add unit tests for token validation, namespace mapping, OIDC login, and 
device flow.
   
   ## Validation
   
   - `uv run python -m unittest discover tests`
   - Result: 20 tests passed.
   
   ## Notes
   
   This keeps OpenWhisk technical authentication based on `uuid:key` unchanged. 
OIDC is introduced at the Admin API boundary as a bridge between external 
identity and existing OpenServerless namespace credentials.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to