Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Persist u/p login for a short time #477

Open
hatched opened this issue May 13, 2020 · 5 comments
Open

Persist u/p login for a short time #477

hatched opened this issue May 13, 2020 · 5 comments
Labels
Blocked ⛔ Priority: Medium

Comments

@hatched
Copy link
Contributor

hatched commented May 13, 2020

If you log in with a user/pass you're immediately logged out on refresh. We should persist this for a short time like we do with macaroons.
@hatched hatched added this to the Iteration 20-20 / May 11 - 22 milestone May 13, 2020
@hatched hatched self-assigned this May 13, 2020
@hatched hatched removed this from the Iteration 20-20 / May 11 - 22 milestone May 21, 2020
@hatched
Copy link
Contributor Author

hatched commented May 21, 2020

When providing the full user-tag and credentials to the Juju API it does not return a macaroon, this is by design. To get it to return a macaroon you need to provide only the user-tag. It will then respond with a macaroon that needs to be discharged at the supplied location. In my quick tests I was not able to get this location to discharge the macaroon. This system is how the CLI performs a login when the user provides only the username and not the password so it is possible...

Juju uses https://github.com/go-macaroon-bakery/macaroon-bakery/tree/v2/httpbakery to discharge the macaroons. Investigation is needed into how this differs from the bakeryjs version that we use.

This was referenced May 26, 2020
Merged
Closed
@canonical canonical deleted a comment from cristinadresch May 27, 2020
@hatched hatched mentioned this issue May 27, 2020
Closed
@hatched
Copy link
Contributor Author

hatched commented Jul 22, 2020

Now that users can register additional controllers with the user/pass authentication system we should investigate using the macaroon token flow for u/p registrations. This would mean that we would only have to store the macaroons and not the user/pass directly.

@hatched hatched mentioned this issue Jul 22, 2020
Closed
@hatched hatched mentioned this issue Mar 10, 2021
Closed
@cristinadresch
Copy link

@hatched what should be the next steps here?

@hatched
Copy link
Contributor Author

hatched commented May 10, 2021

This needs to wait until the charm conversion is done as authentication will need a slight overhaul to support that change then we can revisit this.

@hatched hatched removed their assignment Feb 8, 2022
@huwshimi
Copy link
Contributor

huwshimi commented Apr 5, 2023

This is the relevant issue blocking us from implementing this: https://bugs.launchpad.net/juju/+bug/1864517.

@huwshimi huwshimi mentioned this issue Apr 5, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Blocked ⛔ Priority: Medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@huwshimi @hatched @cristinadresch