manageiq-api PR 737 added OpenID-Connect/OAuth2 support to the API.
It might be possible to simplify this solution by leveraging OpenID-Connect/OAuth2 setup in the mod_auth_openidc configuration files.
This issue will be used to track this investigation.
@miq-bot add_label core/authentication
@miq-bot add_label refactoring
@miq-bot assign @jvlcek
If this is not possible, then tests should be added to cover the code moved in #19936
Hi @jvlcek, was peeking at this today, looks like we should be able to protect our /api endpoint Location
using an AuthType of oauth20. There's a good write-up on it at https://github.com/zmartzone/mod_auth_openidc/wiki/OAuth-2.0-Resource-Server
Hopefully we can kick the tire with some of these examples.
@abellotti Thank you for that pointer. I'm kicking away at the tires on it right now.
Most helpful comment
If this is not possible, then tests should be added to cover the code moved in #19936