FAQ | This is a LIVE service | Changelog

Skip to content

Additional documentation request

HEAT Ticket 617055

Hi,

After a lot of work, I've managed to get Apache to do both OIDC for signing in people (as a Raven equivalent) and OAuth2 for validating bearer tokens (for programmatic access using a service account). The purpose of this is to allow both interactive and programmatic access to an OpenAPI endpoint.

So that the next person doesn't have the same experience as me, could you add some bits to your documentation please?

  1. Installing mod_openidc

On Ubuntu it is quite easy, and is documented. On CentOS 8 it takes a bit more work.

If you just want to authenticate people, the following runes are required: dnf module enable mod_auth_openidc yum install mod_auth_openidc

(I don't know why this has to be specially enabled with a dnf command - I've never done that before for any program.)

If you want to have people or programs, the distribution version in CentOS has showstopper bugs - you need to compile it from source https://github.com/zmartzone/mod_auth_openidc

  1. AuthType

There are three AuthType options in the openidc Apache module. openid-connect: used for OIDC workflow, typical Raven usage