Description of problem: As all of the option under hammer auth login oauth are related to oidc and protocol we are using for authentication is openidc, it is calid to change from oauth to oidc. Version-Release number of selected component (if applicable): Satellite 6.7 snap 7 tfm-rubygem-hammer_cli-0.19.0-2.el7sat.noarch How reproducible: always Steps to Reproduce: 1. # hammer auth login oauth -h Usage: hammer auth login oauth [OPTIONS] Options: -a, --oidc-authorization-endpoint OPENIDC-AUTHORIZATION-ENDPOINT Openidc provider URL which issues authentication code -c, --oidc-client-id OPENIDC-CLIENT-ID Client id used in the Openidc provider -f, --two-factor Authenticate with two factor -h, --help Print help -p, --password PASSWORD Password to access the remote system -r, --oidc-redirect-uri OPENIDC-REDIRECT-URI Redirect URI for the authencation code grant flow -t, --oidc-token-endpoint OPENIDC-TOKEN-ENDPOINT Openidc provider URL which issues access token -u, --username USERNAME Username to access the remote system Actual results: Command is hammer auth login oauth Expected results: Command should be hammer auth login oidc Additional info: Also there is typo, good to have it fixed -r, --oidc-redirect-uri OPENIDC-REDIRECT-URI Redirect URI for the authencation code grant flow s/authencation/authentication
Also please update help description for -a, --oidc-authorization-endpoint OPENIDC-AUTHORIZATION-ENDPOINT Openidc provider URL which issues authentication code to -a, --oidc-authorization-endpoint OPENIDC-AUTHORIZATION-ENDPOINT Openidc provider URL which issues authentication code (two factor only)
Hello Nikhil, Thank you for observing the typo's in there and reporting that. The main issue about remaining the `oauth` to `oidc` is in my opinion not a good idea. Reasoning: OpenID Connect(OIDC) uses simple JSON Web Tokens (JWT), which we obtain using flows(password grant and code flow) conforming to the OAuth 2.0 specifications. So OAuth is responsible for getting us the token with the help of OIDC. SO options specify the OpenID provider and its features while we are actually using OAuth to perform the required task. Let me know if you are not convinced with the above explanation :) Thank you,
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/28628 has been resolved.
VERIFIED Version tested: Satellite 6.7 snap 8 # hammer auth login oauth -h Usage: hammer auth login oauth [OPTIONS] Options: -a, --oidc-authorization-endpoint OPENIDC-AUTHORIZATION-ENDPOINT Openidc provider URL which issues authentication code (two factor only) -c, --oidc-client-id OPENIDC-CLIENT-ID Client id used in the Openidc provider -f, --two-factor Authenticate with two factor -h, --help Print help -p, --password PASSWORD Password to access the remote system -r, --oidc-redirect-uri OPENIDC-REDIRECT-URI Redirect URI for the authentication code grant flow -t, --oidc-token-endpoint OPENIDC-TOKEN-ENDPOINT Openidc provider URL which issues access token -u, --username USERNAME Username to access the remote system
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1455