diff options
author | Lars Wirzenius <liw@liw.fi> | 2018-03-25 15:09:00 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-03-25 15:09:00 +0300 |
commit | a4220e48eb649ec4d9f4cd8a26129ef47fa09261 (patch) | |
tree | 7244e058eefb44a4ed487f49feb1127d733fecf9 /architecture.mdwn | |
parent | 8ef70e64a71bda5f6d72dfd664576d11dd460015 (diff) | |
download | ick.liw.fi-a4220e48eb649ec4d9f4cd8a26129ef47fa09261.tar.gz |
Change: clarify section on IDP
Diffstat (limited to 'architecture.mdwn')
-rw-r--r-- | architecture.mdwn | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/architecture.mdwn b/architecture.mdwn index 1c4f7fb..eee89a1 100644 --- a/architecture.mdwn +++ b/architecture.mdwn @@ -214,9 +214,12 @@ to all API providers at deployment time. Getting an access token ----------------------------------------------------------------------------- -(We don't have an IDP for handing out access tokens. Each API client +(FIXME: We don't have an IDP for handing out access tokens. Each API client gets the RSA key pair to sign tokens itself. This will be fixed -later.) +later. We will be using [Qvisqve][] as the IDP and OAuth2 client +credentials grants for getting access tokens.) + +[Qvisqve]: http://www.qvarn.org/qvisqve/ The API client (user's command line tool, a putative web app, git server, worker-manager, etc) authenticates itself to the IDP, and if @@ -238,6 +241,15 @@ privileges by the sysadmin. All API calls need a token. Getting a token happens the same way for every API client. +FIXME: The exception, at least for now, is the API call to trigger a +project build. This is currently un-authenticated, to avoid +difficulties in distributing credentials to git servers. We will +eventually make that API call also require authentication and add a +"trigger service", with an unauthenticated API call that git servers +can use to notify of changes in a git repository. The trigger service +will examine the change and decide if it warrants a build to be +triggered. + Worker (worker-manager) registration ----------------------------------------------------------------------------- |