Client Login via device authorization flow (#309)

UI and CLI Clients are now able to use SSO login by default we will check if the management has configured or supports SSO providers daemon will handle fetching and waiting for an access token Oauth package was moved to internal to avoid one extra package at this stage Secrets were removed from OAuth CLI clients have less and better output 2 new status were introduced, NeedsLogin and FailedLogin for better messaging With NeedsLogin we no longer have endless login attempts
2026-04-18 16:26:38 +00:00 · 2022-05-12 11:17:24 +02:00
parent 49cca57565
commit e5c52efb4c
26 changed files with 925 additions and 427 deletions
--- a/client/proto/daemon.proto
+++ b/client/proto/daemon.proto
@@ -10,6 +10,10 @@ service DaemonService {
  // Login uses setup key to prepare configuration for the daemon.
  rpc Login(LoginRequest) returns (LoginResponse) {}

+  // WaitSSOLogin uses the userCode to validate the TokenInfo and
+  // waits for the user to continue with the login on a browser
+  rpc WaitSSOLogin(WaitSSOLoginRequest) returns (WaitSSOLoginResponse) {}
+
  // Up starts engine work in the daemon.
  rpc Up(UpRequest) returns (UpResponse) {}

@@ -36,11 +40,20 @@ message LoginRequest {
  // adminUrl to manage keys.
  string adminURL = 4;

-  // jwtToken sso token to authenticate.
-  string jwtToken = 5;
 }

-message LoginResponse {}
+message LoginResponse {
+  bool   needsSSOLogin = 1;
+  string userCode = 2;
+  string verificationURI = 3;
+  string verificationURIComplete = 4;
+}
+
+message WaitSSOLoginRequest {
+  string userCode = 1;
+}
+
+message WaitSSOLoginResponse {}

 message UpRequest {}