Commit graph

1 commit

Author SHA1 Message Date
Till Wegmueller
a04c04a22c
Add ADR-012: Cloud authentication via OAuth/OIDC greeter

The greeter bridges cloud identity to local user context:
- Device Authorization Grant (RFC 8628) as recommended flow
  for thin clients (QR code, no browser needed on server)
- Authorization Code with PKCE as alternative
- Claims-to-user mapping (IdP sub/email/groups -> local uid/gids)
- Auto-provisioning on first login (useradd, ZFS home dataset)
- Pluggable auth architecture (local, OIDC, smart card, Kerberos)
- Ephemeral pre-auth session for greeter display
- Session launcher interface unchanged regardless of auth method
2026-03-28 23:17:54 +01:00