This issues covers two cases:
- Authentication via web/oauth flow from with Wanix environments
- Using web/oauth flow "outside" Wanix (like normal Login button) that is used by Wanix
Both cases are about Wanix being aware of identity and potentially having access to tokens/keys/assertions for that identity. While in a Linux environment, this would be in the form of the logged in user reflecting this identity and keys being available as environment variables.
PAM Prototype
On the Linux side, I prototyped a module for PAM that lets you login with the GitHub OAuth Device Flow, setting the user to my GitHub username and putting an OAuth access token in an environment variable.
Wanix Module
PAM integration is great for Linux environments, but ideally this should be done at the Wanix level. We can use PAM to delegate to Wanix, which could look something like this. This allows non-Linux Wanix instances to have auth, and potentially expose it to other virtualized platforms (Windows, etc). This would also mean writing new authentication strategies could be implemented in Go, whereas Go is not suited for PAM.
Drawing from Plan 9 design, it would likely be a file service that works roughly like Plan 9's factotum. Here is a brief convo with Claude summarizing how factotum works, and what a factotum protocol for GitHub OAuth (as example of general OAuth) could look like:
https://claude.ai/share/a641954a-d307-4ecb-b642-dbaa2a8f60db
External authentication
The above mostly focuses on the case of authentication from within a Wanix/Linux environment. More immediately useful would be to authenticate normally as a web app (starting from a login button for example) and then Wanix can "accept" this in the form of a JWT or something.
This issues covers two cases:
Both cases are about Wanix being aware of identity and potentially having access to tokens/keys/assertions for that identity. While in a Linux environment, this would be in the form of the logged in user reflecting this identity and keys being available as environment variables.
PAM Prototype
On the Linux side, I prototyped a module for PAM that lets you
loginwith the GitHub OAuth Device Flow, setting the user to my GitHub username and putting an OAuth access token in an environment variable.Wanix Module
PAM integration is great for Linux environments, but ideally this should be done at the Wanix level. We can use PAM to delegate to Wanix, which could look something like this. This allows non-Linux Wanix instances to have auth, and potentially expose it to other virtualized platforms (Windows, etc). This would also mean writing new authentication strategies could be implemented in Go, whereas Go is not suited for PAM.
Drawing from Plan 9 design, it would likely be a file service that works roughly like Plan 9's factotum. Here is a brief convo with Claude summarizing how factotum works, and what a factotum protocol for GitHub OAuth (as example of general OAuth) could look like:
https://claude.ai/share/a641954a-d307-4ecb-b642-dbaa2a8f60db
External authentication
The above mostly focuses on the case of authentication from within a Wanix/Linux environment. More immediately useful would be to authenticate normally as a web app (starting from a login button for example) and then Wanix can "accept" this in the form of a JWT or something.