Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support Device Authentication flow for VS Code editor #22139

Closed
RomanNikitenko opened this issue Apr 10, 2023 · 3 comments · Fixed by che-incubator/che-code#260
Closed

Support Device Authentication flow for VS Code editor #22139

RomanNikitenko opened this issue Apr 10, 2023 · 3 comments · Fixed by che-incubator/che-code#260
Assignees
Labels
area/editor/vscode Issues related to the Code OSS editor of Che kind/enhancement A feature request - must adhere to the feature request template. severity/P1 Has a major impact to usage or development of the system.

Comments

@RomanNikitenko
Copy link
Member

RomanNikitenko commented Apr 10, 2023

Is your enhancement related to a problem? Please describe

It looks like some VS Code extensions requires authentication based on the Device Authentication flow.
Currently it's not supported on the Che-Code side.
So, the extension fails with the error: "User not authorized"

Describe the solution you'd like

Add authentication based on the Device Authentication flow

Describe alternatives you've considered

No response

Additional context

Device Authentication flow

@RomanNikitenko RomanNikitenko added the kind/enhancement A feature request - must adhere to the feature request template. label Apr 10, 2023
@RomanNikitenko RomanNikitenko self-assigned this Apr 10, 2023
@RomanNikitenko RomanNikitenko added area/editor/vscode Issues related to the Code OSS editor of Che severity/P1 Has a major impact to usage or development of the system. labels Apr 10, 2023
@RomanNikitenko RomanNikitenko changed the title Support Device Activation flow for VS Code editor Support Device Authentication flow for VS Code editor Aug 12, 2023
@RomanNikitenko
Copy link
Member Author

User gets a new token when uses Device Authentication flow. I'm looking for a way how to store the token to a secret.
@kubernetes/client-node is used to read/write a secret.
I noticed that I have HTTP request failed error when I use this.k8sConfig.loadFromCluster() to get git-credentials secret. I don't have such error when I use this.k8sConfig.loadFromDefault().

The cause of the problem is: SA permissions.
I've tested with Angel this draft to check it ^.

So, should we extend workspace SA permissions to all secrets/configmaps in namespace?
or
does it bring potentially a problem?

@l0rd could you share your opinion?

@l0rd
Copy link
Contributor

l0rd commented Sep 13, 2023

So, should we extend workspace SA permissions to all secrets/configmaps in namespace

That's fine.

@RomanNikitenko
Copy link
Member Author

So, should we extend workspace SA permissions to all secrets/configmaps in namespace

That's fine.

thank you, Mario!
if so, I propose to open for review devfile/devworkspace-operator#1165 (comment)

Within testing my pull request for the Device Authentication flow I've faced another problem: the workspace is restarted and loses websocket connection when git-credentials secret is created. I'm able to reproduce the problem without my changes, so I've filed a separate issue: #22522.

@RomanNikitenko RomanNikitenko added status/code-review This issue has a pull request posted for it and is awaiting code review completion by the community. and removed status/code-review This issue has a pull request posted for it and is awaiting code review completion by the community. labels Oct 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/editor/vscode Issues related to the Code OSS editor of Che kind/enhancement A feature request - must adhere to the feature request template. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants