Update scripts for the self-hosted Oauth 2.0 Device Auth Grant support (#439)

Support Oauth 2.0 Device Auth Grant in the self-hosted scripts.
2026-04-16 15:26:40 +00:00 · 2022-08-24 14:37:18 +02:00
parent 3def84b111
commit e8733a37af
9 changed files with 93 additions and 33 deletions
--- a/.github/workflows/test-docker-compose-linux.yml
+++ b/.github/workflows/test-docker-compose-linux.yml
@@ -5,6 +5,12 @@ jobs:
  test:
    runs-on: ubuntu-latest
    steps:
+      - name: Install jq
+        run: sudo apt-get install -y jq
+
+      - name: Install curl
+        run: sudo apt-get install -y curl
+
      - name: Install Go
        uses: actions/setup-go@v2
        with:
@@ -28,30 +34,31 @@ jobs:
        working-directory: infrastructure_files
        run: bash -x configure.sh
        env:
-          CI_NETBIRD_AUTH_AUTHORITY: ${{ secrets.CI_NETBIRD_AUTH_AUTHORITY }}
          CI_NETBIRD_AUTH_CLIENT_ID: ${{ secrets.CI_NETBIRD_AUTH_CLIENT_ID }}
          CI_NETBIRD_AUTH_AUDIENCE: testing.ci
-          CI_NETBIRD_AUTH_JWT_CERTS:  ${{ secrets.CI_NETBIRD_AUTH_AUTHORITY }}.well-known/jwks.json
-          CI_NETBIRD_AUTH_SUPPORTED_SCOPES: openid
+          CI_NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT: https://example.eu.auth0.com/.well-known/openid-configuration
          CI_NETBIRD_USE_AUTH0: true

      - name: check values
        working-directory: infrastructure_files
        env:
-          CI_NETBIRD_AUTH_AUTHORITY: ${{ secrets.CI_NETBIRD_AUTH_AUTHORITY }}
          CI_NETBIRD_AUTH_CLIENT_ID: ${{ secrets.CI_NETBIRD_AUTH_CLIENT_ID }}
          CI_NETBIRD_AUTH_AUDIENCE: testing.ci
-          CI_NETBIRD_AUTH_JWT_CERTS:  ${{ secrets.CI_NETBIRD_AUTH_AUTHORITY }}.well-known/jwks.json
-          CI_NETBIRD_AUTH_SUPPORTED_SCOPES: openid
+          CI_NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT: https://example.eu.auth0.com/.well-known/openid-configuration
          CI_NETBIRD_USE_AUTH0: true
+          CI_NETBIRD_AUTH_SUPPORTED_SCOPES: "openid profile email offline_access api email_verified"
+          CI_NETBIRD_AUTH_AUTHORITY: https://example.eu.auth0.com/
+          CI_NETBIRD_AUTH_JWT_CERTS: https://example.eu.auth0.com/.well-known/jwks.json
+          CI_NETBIRD_AUTH_TOKEN_ENDPOINT: https://example.eu.auth0.com/oauth/token
+          CI_NETBIRD_AUTH_DEVICE_AUTH_ENDPOINT: https://example.eu.auth0.com/oauth/device/code
        run: |
          grep AUTH_CLIENT_ID docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_ID
          grep AUTH_AUTHORITY docker-compose.yml | grep $CI_NETBIRD_AUTH_AUTHORITY
          grep AUTH_AUDIENCE docker-compose.yml | grep $CI_NETBIRD_AUTH_AUDIENCE
-          grep AUTH_SUPPORTED_SCOPES docker-compose.yml | grep $CI_NETBIRD_AUTH_SUPPORTED_SCOPES
+          grep AUTH_SUPPORTED_SCOPES docker-compose.yml | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
          grep USE_AUTH0 docker-compose.yml | grep $CI_NETBIRD_USE_AUTH0
          grep NETBIRD_MGMT_API_ENDPOINT docker-compose.yml | grep "http://localhost:33073"  
-          
+
      - name: run docker compose up
        working-directory: infrastructure_files
        run: |