public class Login extends TaskclusterRequestHandler
The Login service serves as the interface between external authentication systems and Taskcluster credentials.
Modifier and Type | Field and Description |
---|---|
protected static String |
defaultBaseURL |
Constructor and Description |
---|
Login() |
Login(Credentials credentials) |
Login(Credentials credentials,
String baseURL) |
Login(String baseURL) |
Login(String clientId,
String accessToken) |
Login(String clientId,
String accessToken,
String certificate) |
Modifier and Type | Method and Description |
---|---|
CallSummary<EmptyPayload,CredentialsResponse> |
oidcCredentials(String provider)
Given an OIDC
access_token from a trusted OpenID provider, return a set of Taskcluster credentials for use on behalf of the identified user. |
CallSummary<EmptyPayload,EmptyPayload> |
ping()
Respond without doing anything.
|
apiCall, setBaseURL, uriEncode
protected static final String defaultBaseURL
public Login(Credentials credentials)
public Login(Credentials credentials, String baseURL)
public Login(String baseURL)
public Login()
public CallSummary<EmptyPayload,EmptyPayload> ping() throws APICallFailure
Respond without doing anything. This endpoint is used to check that the service is up.
APICallFailure
public CallSummary<EmptyPayload,CredentialsResponse> oidcCredentials(String provider) throws APICallFailure
Given an OIDC access_token
from a trusted OpenID provider, return a set of Taskcluster credentials for use on behalf of the identified user.
This method is typically not called with a Taskcluster client library and does not accept Hawk credentials. The access_token
should be given in an Authorization
header:
Authorization: Bearer abc.xyz
The access_token
is first verified against the named :provider, then passed to the provider’s APIBuilder to retrieve a user profile. That profile is then used to generate Taskcluster credentials appropriate to the user. Note that the resulting credentials may or may not include a certificate
property. Callers should be prepared for either alternative.
The given credentials will expire in a relatively short time. Callers should monitor this expiration and refresh the credentials if necessary, by calling this endpoint again, if they have expired.
Copyright © 2014–2018 Mozilla. All rights reserved.