Skip to content

Commit 9c35910

Browse files
author
Agent
committed
Add OIDC authentication to integration tests
Deploys Dex (OIDC provider), a Python/ldaptor LDAP server, and a self-signed TLS CA alongside CTS in the EaaS pipeline and exercises the full mod_auth_openidc -> load_openidc_user -> get_user_info -> query_ldap_groups -> has_role auth stack end-to-end. Use AuthType auth-openidc for Bearer token requests and AuthType openid-connect for browser flows. OIDCOAuthVerifyJwksUri validates tokens as JWTs locally via Dex's JWKS endpoint (HTTPS with OIDCOAuthSSLValidateServer Off). OIDCOAuthRemoteUserClaim email sets REMOTE_USER from the email claim, which Dex includes in the access token JWT when the 'email' scope is requested; ALLOWED_BUILDERS and ADMINS are configured with email addresses to match. SetEnv OIDC_CLAIM_scope "openid email" provides the scope fallback that load_openidc_user requires. Generated-By: OpenCode (google-vertex-anthropic/claude-sonnet-4-6@default)
1 parent 6552ee2 commit 9c35910

2 files changed

Lines changed: 674 additions & 34 deletions

File tree

0 commit comments

Comments
 (0)