Skip to content

Add transparent SSO login support to ops#29

Merged
sciabarracom merged 4 commits into
apache:mainfrom
miki3421:poc/keycloak-sso-cli
Jul 9, 2026
Merged

Add transparent SSO login support to ops#29
sciabarracom merged 4 commits into
apache:mainfrom
miki3421:poc/keycloak-sso-cli

Conversation

@miki3421

@miki3421 miki3421 commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Summary

This PR adds transparent SSO support to the ops CLI. When SSO is enabled in configuration, ops -login uses OIDC device flow instead of prompting for local OpenServerless username/password credentials.

Changes

  • Add OIDC device-flow login with PKCE.
  • Add ops config sso command support.
  • Preserve existing password login behavior when SSO is disabled.
  • Avoid persisting or exposing the OIDC access token.
  • Update login behavior so SSO-enabled environments can reach the same local AUTH / .wskprops state as legacy login.
  • Add tests for SSO config and login behavior.

Validation

  • git diff --check
  • go test ./... was not run locally because go is not available in the current environment.

Notes

The user-facing login command remains unchanged. SSO is selected from configuration/environment, so existing non-SSO workflows continue to work as before.

@sciabarracom sciabarracom merged commit 59446ff into apache:main Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants