
openshift/oauth-server


oauth-server

The OAuth Server is the authentication gateway for OpenShift clusters. It handles user authentication via configurable identity providers and issues OAuth 2.0 access tokens for cluster API access.

Overview

The OAuth Server runs as the oauth-openshift deployment in the openshift-authentication namespace and is managed by the cluster-authentication-operator.

Documentation: See ARCHITECTURE.md for comprehensive architecture details, including features, components, and design decisions.

Quick Start

View OAuth server in a cluster:

oc get deployment oauth-openshift -n openshift-authentication
oc get pods -n openshift-authentication -l app=oauth-openshift
oc logs -n openshift-authentication -l app=oauth-openshift -c oauth-openshift
oc get oauth cluster -o yaml

Build locally:

make build

For development setup, build commands, testing, and project structure, see CONTRIBUTING.md - Development Setup.

Deployment

The OAuth server is deployed as oauth-openshift in the openshift-authentication namespace and is managed by the cluster-authentication-operator. Do not deploy manually in production clusters.

For complete deployment details including replicas, volumes, dependencies, and configuration, see ARCHITECTURE.md - Deployment Architecture.

Security

The OAuth server is a security-critical component:

  • Follow OAuth 2.0 security best practices (RFC 6749 Section 10)
  • Never log passwords, tokens, or session cookies
  • Never bypass TLS validation or skip authentication checks
  • For security issues, follow the OpenShift Security Response Process

For detailed security architecture, see ARCHITECTURE.md - Security Architecture.
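
One way to apply the "never log passwords, tokens, or session cookies" rule to request logging, as an added example that is not code from this repository. The function names and the lists of secret parameters and headers are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

const redacted = "REDACTED"
// Assumed lists for this example; extend them to match your own endpoints.
var secretParams = map[string]bool{"password": true, "access_token": true,
	"refresh_token": true, "id_token": true, "client_secret": true, "code": true}
var secretHeaders = map[string]bool{"Authorization": true, "Cookie": true, "Set-Cookie": true}

// RedactValues copies query or form values, masking secret parameters.
func RedactValues(v url.Values) url.Values {
	out := make(url.Values, len(v))
	for k, vals := range v {
		for _, val := range vals {
			if secretParams[strings.ToLower(k)] {
				val = redacted
			}
			out.Add(k, val)
		}
	}
	return out
}

// RedactHeader copies h, masking headers that carry credentials.
func RedactHeader(h http.Header) http.Header {
	out := h.Clone()
	for name := range out {
		if secretHeaders[http.CanonicalHeaderKey(name)] {
			out[name] = []string{redacted}
		}
	}
	return out
}

// SafeLogLine renders method, URL and headers with credentials masked; the body is never read.
func SafeLogLine(r *http.Request) string {
	u := *r.URL // copy, so the live request is not modified
	u.RawQuery = RedactValues(u.Query()).Encode()
	return fmt.Sprintf("%s %s %v", r.Method, u.String(), RedactHeader(r.Header))
}

func main() {
	r, _ := http.NewRequest("GET", "https://oauth.example.test/oauth/authorize?code=abc123&state=xyz", nil) // constructed sample
	fmt.Println(SafeLogLine(r))
}
```

Posted form fields, such as a login password, should go through RedactValues before any of them are logged.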

External OIDC Migration

Note: External OIDC support is available; when enabled, this OAuth server is disabled and the cluster uses an external OIDC provider. See ARCHITECTURE.md - External OIDC for details.

Contributing

See CONTRIBUTING.md for code conventions, testing guidelines, and pull request process.

Resources

Support

For issues and questions:

License

This project is licensed under the Apache License 2.0. See the LICENSE file for details.

About

Coming soon. Do not import.