Replies: 1 comment 4 replies
-
|
Why not use service accounts instead? Their permissions can be limited via RBAC, their tokens don't expire so you don't have to do the whole auth dance |
Beta Was this translation helpful? Give feedback.
-
|
well, I want to keep track of the user that does things... |
Beta Was this translation helpful? Give feedback.
-
|
Service accounts also get logged in audit log, yes |
Beta Was this translation helpful? Give feedback.
-
|
ok thank you. |
Beta Was this translation helpful? Give feedback.
-
|
Yes, SAs use tokens only |
Beta Was this translation helpful? Give feedback.
-
Hi all!
I have a request, and I don't know if it is currently possible.
I have a platform that we want to develop that launches some commands on OKD, and interacts with some pods and stuff. To do this obviously we need a valid token.
What I wanted to do is that if I don't have a token or it has expired, instead of simply asking the user to provide the token, I wanted to redirect him to oauth-openshift to do the login, with a custom redirect_uri url parameter (and also a custom client_id) so that when the authentication is completed, the user gets redirected to my website with the token in the url...
is it possible right now? if yes, how should I configure OKD to support this?
thank you!
Beta Was this translation helpful? Give feedback.
All reactions