Commit 9c35910
Agent
Add OIDC authentication to integration tests

Deploys Dex (OIDC provider), a Python/ldaptor LDAP server, and a
self-signed TLS CA alongside CTS in the EaaS pipeline and exercises
the full mod_auth_openidc -> load_openidc_user -> get_user_info ->
query_ldap_groups -> has_role auth stack end-to-end.

Use AuthType auth-openidc for Bearer token requests and AuthType
openid-connect for browser flows. OIDCOAuthVerifyJwksUri validates
tokens as JWTs locally via Dex's JWKS endpoint (HTTPS with
OIDCOAuthSSLValidateServer Off). OIDCOAuthRemoteUserClaim email sets
REMOTE_USER from the email claim, which Dex includes in the access
token JWT when the 'email' scope is requested; ALLOWED_BUILDERS and
ADMINS are configured with email addresses to match. SetEnv
OIDC_CLAIM_scope "openid email" provides the scope fallback that
load_openidc_user requires.

Generated-By: OpenCode (google-vertex-anthropic/claude-sonnet-4-6@default)

1 parent 6552ee2 commit 9c35910
2 files changed
Lines changed: 674 additions & 34 deletions