containerd-wasm-shims
oauth
containerd-wasm-shims | oauth | |
---|---|---|
4 | 36 | |
293 | - | |
3.1% | - | |
8.1 | - | |
about 1 month ago | - | |
Rust | ||
Apache License 2.0 | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
containerd-wasm-shims
-
Spin 1.0 — The Developer Tool for Serverless WebAssembly
Besides deploying the application locally and deploying to Fermyon Cloud, you can also deploy your Spin application to Kubernetes using the new Containerd integration for Spin.
-
Why did the Krustlet project die?
Yeah, runtimeClass lets you specify which CRI plugin you want based on what you have available. Here's an example from the containerd documentation - you could have one node that can run containers under standard runc, gvisor, kata containers, or WASM. Without runtimeClass, you'd need either some form of custom solution or four differently configured nodes to run those different runtimes. That's how krustlet did it - you'd have kubelet/containerd nodes and krustlet/wasm nodes, and could only run the appropriate workload on each node type.
-
New Docker Desktop: Run WASM Applications Alongside Linux Containers in Docker
You can absolutely install the wasm shim without Desktop. (They won't tell you that because Desktop is a revenue stream for Mirantis.)
In your VM or WSL instance that's running Docker, get the shim from here: https://github.com/deislabs/containerd-wasm-shims (You might need to build it yourself)
Then specify the --runtime and --platform arguments like instructed in the doc, but with a slight modification:
--runtime=containerd-wasm-shim=/path/to/containerd/wasm/shim
This works because the container runtime is simply a Go binary, and Go binaries are completely self-contained.
oauth
-
Implementing SSO in React with GitHub OAuth2
import { useEffect, useState } from "react"; import "./App.css"; import Profile from "./components/profile/Profile"; function App() { // Extracting the 'code' parameter from the URL query string (used for authorization) const urlParams = new URLSearchParams(window.location.search); const code = urlParams.get("code"); // State to store the retrieved user data const [data, setData] = useState(null); // State to indicate if data is being fetched const [loading, setLoading] = useState(false); // Runs whenever the 'code' variable changes (likely on authorization flow) useEffect(() => { const token = localStorage.getItem("token"); if (token) { setLoading(true); // Set loading to true while fetching data fetch("https://api.github.com/user", { headers: { Authorization: token }, }) .then((res) => res.json()) // Parse the response as JSON .then((data) => { setData(data); // Update state with fetched user data setLoading(false); // Set loading to false when done fetching }); } else if (code) { // If no token but 'code' is available (GitHub OAuth flow) setLoading(true); // Set loading to true while fetching data fetch( `http://localhost:8589/oauth/redirect?code=${code}&state=YOUR_RANDOMLY_GENERATED_STATE` ) .then((res) => res.json()) // Parse the response as JSON .then((data) => { setData(data.userData); // Update state with user data from response localStorage.setItem( "token", `${data.tokenType} ${data.token}` ); // Store access token in local storage setLoading(false); // Set loading to false when done fetching }); } }, [code]); // Function to redirect the user to the GitHub OAuth authorization page function redirectToGitHub() { const client_id = "blah blah"; const redirect_uri = "http://localhost:5173/"; const scope = "read:user"; const authUrl = `https://github.com/login/oauth/authorize?client_id=${client_id}&redirect_uri=${redirect_uri}&scope=${scope}`; window.location.href = authUrl; } // Conditionally render content based on loading state and data availability if (loading) { return
Loading...h4>; } if (data) { return ; } return ( <>
Login to MyApph1> Login with GitHub button> div> ); } export default App;
-
FastAPI Production Setup Guide 🏁⚡️🚀
import hashlib from datetime import datetime import httpx from fastapi import APIRouter, HTTPException, Query from app.config import settings from app.utilities.db import db from .models import OauthException, OauthToken router = APIRouter() @router.get( "/callback", response_model=OauthToken, responses={ 400: {"description": "Oauth Error", "model": OauthException}, }, ) async def oauth_callback( code: str = Query(description="Authorization Code"), ) -> OauthToken: """ GitHub Oauth Integration Callback """ async with httpx.AsyncClient() as client: token_result = await client.post( "https://github.com/login/oauth/access_token", json={ "client_id": settings.github_oauth_client_id, "client_secret": settings.github_oauth_client_secret, "code": code, "redirect_uri": "http://localhost:8000/v1/auth/callback", }, headers={"Accept": "application/json"}, ) data = token_result.json() error = data.get("error") if error: raise HTTPException( status_code=400, detail=f"{data.get('error')}: {data.get('error_description')}", ) access_token: str = data.get("access_token") user_result = await client.get( "https://api.github.com/user", headers={"Authorization": f"Bearer {access_token}"}, ) user_data = user_result.json() user = user_data.get("login") await db.tokens.insert_one( { "user": user, "access_token_hash": hashlib.sha256(access_token.encode()).hexdigest(), "created_date": datetime.utcnow(), }, ) return OauthToken(access_token=access_token)
-
Laravel SPA OAuth using GitHub, Socialite, and Sanctum
The actual URL is https://github.com/login/oauth/authorize?client_id=bbb58b28cdd98636e3e2&redirect_uri=http%3A%2F%2F127.0.0.1%3A8000%2Fcallback&scope=user%3Aemail&response_type=code
-
An Opinionated Guide to DRF OAuth
GOOGLE_CLIENT_ID = os.environ["GOOGLE_CLIENT_ID"] GOOGLE_CLIENT_SECRET = os.environ["GOOGLE_CLIENT_SECRET"] GOOGLE_TOKEN_URL = "https://www.googleapis.com/oauth2/v4/token" GOOGLE_AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth" GITHUB_CLIENT_ID = os.environ["GITHUB_CLIENT_ID"] GITHUB_CLIENT_SECRET = os.environ["GITHUB_CLIENT_SECRET"] GITHUB_TOKEN_URL = "https://github.com/login/oauth/access_token" GITHUB_AUTH_URL = "https://github.com/login/oauth/authorize"
-
How to implement Oauth route from scratch
export const GET = async ({ cookies }) => { const state = generateRandomString(40); // I recommend using nanoid cookies.set("github_oauth_state", state, { httpOnly: true, secure: !dev, // disable when using localhost maxAge: 60 * 60 // 1 hour expiry, path: "/" }); const authorizationUrlSearchParams = new URLSearchParams({ client_id: GITHUB_CLIENT_ID, state }); const authorizationUrl = https://github.com/login/oauth/authorize?${authorizationUrlSearchParams}; // redirect to authorization url return new Response(null, { status: 302, headers: { Location: authorizationUrl } }); } ```
-
Questions regarding JWT Authentication with OAuth Login in .net WebApi
services.AddCookie("Google-Cookie") .AddOAuth("Google", options => { options.SignInScheme = "Google-Cookie"; options.ClientId = configuration["ClientId"]>; options.ClientSecret = configuration["ClientSecret"]; options.AuthorizationEndpoint = "https://github.com/login/oauth/authorize"; options.TokenEndpoint = "https://github.com/login/oauth/access_token"; options.UserInformationEndpoint = "https://api.github.com/user"; options.CallbackPath = "/api/Google-Redirect"; options.Scope.Clear(); options.Scope.Add("read:user"); options.SaveTokens = true; // Not sure what does this do options.Events.OnCreatingTicket = async context => { using var request = new HttpRequestMessage(HttpMethod.Get, options.UserInformationEndpoint); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken); using var result = await context.Backchannel.SendAsync(request); var user = await result?.Content?.ReadFromJsonAsync(); context.RunClaimActions(user); // I don't think this is needed // Create claims for the token var claims = new Claim[] { new Claim(ClaimTypes.Name, user.Name), new Claim(ClaimTypes.Email, user.Email) }; // Create the token var token = new JwtSecurityToken( issuer: configuration["JWT_Issuer"], audience: configuration["JWT_Audience"], claims: claims, expires: DateTime.UtcNow.AddHours(1);, signingCredentials: new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["JWT_Secret"]));, SecurityAlgorithms.HmacSha256) ); // Generate the token string var tokenString = new JwtSecurityTokenHandler().WriteToken(token); context.Response.Cookies.Append("X-Access-Token", tokenString, new CookieOptions() { HttpOnly = true, SameSite = SameSiteMode.Strict }); }; } );
-
Spin 1.0 — The Developer Tool for Serverless WebAssembly
# Verify the content of the artifact at the given digest, as well as the fact # that the signature has been created by a GitHub actor with the given email. $ cosign verify ghcr.io/radu-matei/hello-spin@sha256:6f886e428152a32ada6303e825975e1a9798de86977e532991a352d02c98f62c \ --certificate-oidc-issuer https://github.com/login/oauth \ --certificate-identity [email protected] Verification for ghcr.io/radu-matei/hello-spin@sha256:6f886e428152a32ada6303e825975e1a9798de86977e532991a352d02c98f62c -- The following checks were performed on each of these signatures: - The cosign claims were validated - Existence of the claims in the transparency log was verified offline - The code-signing certificate was verified using trusted certificate authority certificates
-
Spring Cloud Gateway Combined with the Security Practice of OAuth2.0 Protocol
@Bean ClientRegistrationRepository clientRegistrationRepository(JdbcTemplate jdbcTemplate) { JdbcClientRegistrationRepository jdbcClientRegistrationRepository = new JdbcClientRegistrationRepository(jdbcTemplate); ClientRegistration clientRegistration = ClientRegistration.withRegistrationId("github") .clientId("123456") .clientSecret("123456") .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC) .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) .redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}") .scope(new String[]{"read:user"}) .authorizationUri("https://github.com/login/oauth/authorize") .tokenUri("https://github.com/login/oauth/access_token") .userInfoUri("https://api.github.com/user") .userNameAttributeName("login") .clientName("GitHub").build(); jdbcClientRegistrationRepository.save(clientRegistration); return jdbcClientRegistrationRepository; }
-
3 Steps to OAuth (with Code & Examples!)
const oauthUri = `https://github.com/login/oauth/authorize?client_id=${process.env.NEXT_PUBLIC_GH_CLIENT_ID}&scope=user:email,read:user&redirect_uri=http://localhost:3000/api/auth`
-
Weird Stack Overflow exp when spinning up my localhost. Working with OAuth
var builder = WebApplication.CreateBuilder(args); builder.Services.AddAuthentication() .AddOAuth("github", o => { o.ClientId = "###"; o.ClientSecret = "###"; o.AuthorizationEndpoint = "https://github.com/login/oauth/authorize"; o.TokenEndpoint = "https://github.com/login/oauth/access_token"; o.CallbackPath = "/oauth/github-cb"; o.UserInformationEndpoint = "https://api.github.com/user"; }); var app = builder.Build(); app.MapGet("/", (HttpContext context) => { return context.User.Claims.Select(x => new { x.Type, x.Value }).ToList(); }); app.MapGet("/login", () => { return Results.Challenge(authenticationSchemes: new List() { "github" }); }); app.Run(); --------------------------------------------- dotnet : Stack overflow. At line:1 char:1 + dotnet watch --no-hot-reload 2> output.txt + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (Stack overflow.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError at System.Collections.Generic.Dictionary`2[[Microsoft.Extensions.DependencyInjection.Servi ceLookup.ServiceCacheKey, Microsoft.Extensions.DependencyInjection, ...Goes on for an other 60.000 lines
What are some alternatives?
krustlet - Kubernetes Rust Kubelet
node-oauth2-server - Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js
spin-plugin-k8s - A Kubernetes Plugin for Fermyon Spin
NopeCHA - Automatically solve reCAPTCHA, hCaptcha, FunCAPTCHA, AWS CAPTCHA, and text-based CAPTCHA with a browser extension.
spin-fileserver - A static file server implemented as a Spin component
microsoft-authentication-library-for-js - Microsoft Authentication Library (MSAL) for JS
runwasi - Implementation for runs wasm workloads in Wasmedge
react-coding-challenges - A series of ReactJS coding challenges with a variety of difficulties.
preview2-prototyping - Polyfill adapter for preview1-using wasm modules to call preview2 functions.
applications
Podman Desktop - Podman Desktop - A graphical tool for developing on containers and Kubernetes
react-github-login - :octocat: A React Component for GitHub Login