From: Shannon Sterz <s.sterz@proxmox.com>
To: pdm-devel@lists.proxmox.com
Subject: [pdm-devel] [PATCH datacenter-manager/yew-comp v2 0/8] openid support for PDM
Date: Fri, 17 Oct 2025 15:57:55 +0200 [thread overview]
Message-ID: <20251017135802.363955-2-s.sterz@proxmox.com> (raw)
this series adds openid support to PDM. the implementation is based on
PBS' implementation with a some adaptions:
- small refactorings to use more data types instead of simply putting
them together with serde_json::json!
- move variables into format strings where possible
- only support the HttpOnly variant of the authentication flow
when going through this i at first wanted to put most of the api
endpoints' logic into a proxmox-rs crate. however, after some discussion
off and on list i've decided to put this into pdm directly for now. we
can factor out these api endpoints plus some general realm management
logic into proxmox-access-control as a follow-up.
the first part of this series mostly concerns yew-comp and makes several
changes:
- allows integration with our default realm backend logic
- add support for openid login
- add an icon to the "OpenId Connect Server" menu option
- allow setting openid realms as default realms
- add a helper to detect and parse openid authorization parameters to
the utils module
Changelog
---------
changes since v1 (thanks @ Fabian Grünbichler)
- fix `use` statement order grouping for the api endpoints
- add a schema to the redirect url parameter
- use proper CreateTicketResponse struct (from proxmox-auth-api) and use
its API_SCHEMA definition
the first two patches where taken from a different series [1] and slightly
adapted:
- remove a useless log statement
- instead of referring to "openid authentication" correctly call it
"openid authorization"
- remove a useless sort() call
[1]: https://lore.proxmox.com/all/20251008151936.386950-1-s.sterz@proxmox.com/
proxmox-yew-comp:
Shannon Sterz (5):
login_panel/realm_selector: use default realm provided by api
login_panel/realm_selector: add support for openid realm logins
auth view: add openid icon to openid menu option
auth edit openid: add a default realm checkbox
utils/login panel: move openid redirection authorization helper to
utils
src/auth_edit_openid.rs | 11 +-
src/auth_view.rs | 2 +-
src/login_panel.rs | 312 +++++++++++++++++++++++++++++++---------
src/realm_selector.rs | 83 ++++++++++-
src/utils.rs | 32 +++++
5 files changed, 357 insertions(+), 83 deletions(-)
proxmox-datacenter-manager:
Shannon Sterz (3):
api-types: add default field to openid realm config
server: api: add support for adding openid realms and openid logins
ui: enable openid realms in realm panel
Cargo.toml | 2 +-
lib/pdm-api-types/src/openid.rs | 3 +
server/Cargo.toml | 1 +
server/src/api/access/mod.rs | 2 +
server/src/api/access/openid.rs | 284 ++++++++++++++++++++++++
server/src/api/config/access/mod.rs | 2 +
server/src/api/config/access/openid.rs | 289 +++++++++++++++++++++++++
server/src/auth/mod.rs | 6 +-
ui/src/configuration/mod.rs | 1 +
9 files changed, 588 insertions(+), 2 deletions(-)
create mode 100644 server/src/api/access/openid.rs
create mode 100644 server/src/api/config/access/openid.rs
Summary over all repositories:
14 files changed, 945 insertions(+), 85 deletions(-)
--
Generated by git-murpp 0.8.1
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
next reply other threads:[~2025-10-17 13:58 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-17 13:57 Shannon Sterz [this message]
2025-10-17 13:57 ` [pdm-devel] [PATCH yew-comp v2 1/5] login_panel/realm_selector: use default realm provided by api Shannon Sterz
2025-10-22 17:03 ` [pdm-devel] applied: " Thomas Lamprecht
2025-10-17 13:57 ` [pdm-devel] [PATCH yew-comp v2 2/5] login_panel/realm_selector: add support for openid realm logins Shannon Sterz
2025-10-22 17:03 ` [pdm-devel] applied: " Thomas Lamprecht
2025-10-17 13:57 ` [pdm-devel] [PATCH yew-comp v2 3/5] auth view: add openid icon to openid menu option Shannon Sterz
2025-10-22 17:03 ` [pdm-devel] applied: " Thomas Lamprecht
2025-10-17 13:57 ` [pdm-devel] [PATCH yew-comp v2 4/5] auth edit openid: add a default realm checkbox Shannon Sterz
2025-10-22 17:03 ` [pdm-devel] applied: " Thomas Lamprecht
2025-10-17 13:58 ` [pdm-devel] [PATCH yew-comp v2 5/5] utils/login panel: move openid redirection authorization helper to utils Shannon Sterz
2025-10-22 17:03 ` [pdm-devel] applied: " Thomas Lamprecht
2025-10-17 13:58 ` [pdm-devel] [PATCH datacenter-manager v2 1/3] api-types: add default field to openid realm config Shannon Sterz
2025-10-22 17:22 ` [pdm-devel] applied: " Thomas Lamprecht
2025-10-17 13:58 ` [pdm-devel] [PATCH datacenter-manager v2 2/3] server: api: add support for adding openid realms and openid logins Shannon Sterz
2025-10-22 17:22 ` [pdm-devel] applied: " Thomas Lamprecht
2025-10-17 13:58 ` [pdm-devel] [PATCH datacenter-manager v2 3/3] ui: enable openid realms in realm panel Shannon Sterz
2025-10-22 17:22 ` [pdm-devel] applied: " Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251017135802.363955-2-s.sterz@proxmox.com \
--to=s.sterz@proxmox.com \
--cc=pdm-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.