Skip to content

use generic OIDC for frontend#168

Draft
pmeier wants to merge 5 commits into
mainfrom
frontend-oidc
Draft

use generic OIDC for frontend#168
pmeier wants to merge 5 commits into
mainfrom
frontend-oidc

Conversation

@pmeier

@pmeier pmeier commented Jul 12, 2026

Copy link
Copy Markdown
Member

No description provided.

pmeier added 5 commits July 12, 2026 13:56
- Replace keycloak-js with oidc-spa in frontend/package.json
- Update src/auth/index.ts to use oidc-spa/core API
- Delete backend/src/ravnar_nebari_chat/_authenticators.py
- Replace keycloak values block with oidc in values.yaml
- Update frontend configmap to generate auth-config.json
- Update deployment to mount auth-config.json instead of keycloak-config.json
- Replace keycloak_authenticator with inline BearerTokenAuthenticator/OIDCTokenValidator in config.yaml
security:
authenticator:
cls_or_fn: ravnar_nebari_chat.keycloak_authenticator
cls_or_fn: _ravnar.authenticators.BearerTokenAuthenticator

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use ravnar over _ravnar in this file

cls_or_fn: _ravnar.authenticators.OIDCTokenValidator
params:
issuer: '{{ required "oidc.issuer is required" .Values.oidc.issuer }}'
default_permissions:

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to properly enumerate all perms for BC

oidc:
# -- The OIDC issuer URL (e.g. https://keycloak.example.com/realms/nebari)
issuer: ""
# -- The OIDC client ID for the SPA

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we still have a default value?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant