Hello, devs.
As you might already know we are going to get rid of Keycloak as a mandatory
dependency in future versions of Che with DevWorkspacces. That touches [1]
OAuth2 configuration a bit. For a while, we use Kyecloak to obtain Github/Gitlab
tokens with our deligated OAuth server implementation. Our internal OAuth2
implementation was disabled by default.
And now, when we remove Keycloak based OAuth2 implementation we want to make sure
that our existing OAuth2 implementation supports the highest security standards.
That is why we want to change the way how it is configured from environment
variables to the files. These files would be mounted by che-operator to the
che-server pod in the necessary locations. That means for the users who previously
used secrets [2] to configure Github or Gitlab nothing will be changed in this area
moving from Che7 workspaces to devworkspaces.
The only group that potentially can be touched with this change is the one that
uses "embedded" OAuth2 implementation with manual configuration. After this
change, you'll have to reconfigure Che installation and uses secrets as
described here [2]
[1] Private Github factories with OAuth2 providers without keycloak
https://github.com/eclipse/che/issues/20497 [2]
https://www.eclipse.org/che/docs/che-7/administration-guide/configuring-authorization/#configuring-github-oauth_che
--
