wayray/docs/ai
Till Wegmueller a04c04a22c
Add ADR-012: Cloud authentication via OAuth/OIDC greeter
The greeter bridges cloud identity to local user context:
- Device Authorization Grant (RFC 8628) as recommended flow
  for thin clients (QR code, no browser needed on server)
- Authorization Code with PKCE as alternative
- Claims-to-user mapping (IdP sub/email/groups -> local uid/gids)
- Auto-provisioning on first login (useradd, ZFS home dataset)
- Pluggable auth architecture (local, OIDC, smart card, Kerberos)
- Ephemeral pre-auth session for greeter display
- Session launcher interface unchanged regardless of auth method
2026-03-28 23:17:54 +01:00
adr Add ADR-012: Cloud authentication via OAuth/OIDC greeter 2026-03-28 23:17:54 +01:00
plans Add greeter/session-launch architecture, clarify scope boundary 2026-03-28 21:35:18 +01:00