lytedev/nix
1
0
Fork 1
Code Pull requests 4 Activity Actions

feat: add SpacetimeDB kanidm OIDC integration #488

Merged
lytedev merged 1 commit from feat/spacetimedb-kanidm-oidc into main 2026-04-16 22:07:14 -05:00
Conversation 0 Commits 1 Files changed 5 +40 -19
lytedev commented 2026-04-13 15:26:34 -05:00
Owner
Copy link

Summary

  • Add spacetimedb.h.lyte.dev_users group to kanidm migrations
  • Add spacetimedb.h.lyte.dev OAuth2 resource server for OIDC-based SpacetimeDB CLI auth
  • Enables cross-machine identity via kanidm instead of per-server JWT tokens

Test plan

  • Deploy to beefcake
  • Verify kanidm OIDC discovery endpoint responds
  • Test spacetime login --token with kanidm-issued ID token
  • Verify SpacetimeDB publish works with kanidm identity
## Summary - Add `spacetimedb.h.lyte.dev_users` group to kanidm migrations - Add `spacetimedb.h.lyte.dev` OAuth2 resource server for OIDC-based SpacetimeDB CLI auth - Enables cross-machine identity via kanidm instead of per-server JWT tokens ## Test plan - [ ] Deploy to beefcake - [ ] Verify kanidm OIDC discovery endpoint responds - [ ] Test `spacetime login --token` with kanidm-issued ID token - [ ] Verify SpacetimeDB publish works with kanidm identity
feat: add SpacetimeDB OAuth2 client to kanidm migrations
All checks were successful
/ check-format (push) Successful in 10s
Details
/ build (push) Successful in 8m28s
Details
bc6589db33 
Add spacetimedb.h.lyte.dev_users group and spacetimedb.h.lyte.dev
OAuth2 resource server so SpacetimeDB can use kanidm-issued OIDC
tokens for identity, enabling cross-machine CLI auth.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
lytedev force-pushed feat/spacetimedb-kanidm-oidc from bc6589db33
All checks were successful
/ check-format (push) Successful in 10s
Details
/ build (push) Successful in 8m28s
Details
to 18db0991cd
Some checks are pending
/ check-format (push) Waiting to run
Details
/ build (push) Waiting to run
Details
2026-04-13 15:40:15 -05:00 Compare
lytedev force-pushed feat/spacetimedb-kanidm-oidc from 18db0991cd
Some checks are pending
/ check-format (push) Waiting to run
Details
/ build (push) Waiting to run
Details
to e72974c741
All checks were successful
/ check-format (push) Successful in 7s
Details
/ build (push) Successful in 6m39s
Details
2026-04-13 15:51:26 -05:00 Compare
lytedev force-pushed feat/spacetimedb-kanidm-oidc from e72974c741
All checks were successful
/ check-format (push) Successful in 7s
Details
/ build (push) Successful in 6m39s
Details
to a59f93c67b
All checks were successful
/ check-format (push) Successful in 7s
Details
/ build (push) Successful in 11m41s
Details
2026-04-13 16:01:41 -05:00 Compare
lytedev force-pushed feat/spacetimedb-kanidm-oidc from a59f93c67b
All checks were successful
/ check-format (push) Successful in 7s
Details
/ build (push) Successful in 11m41s
Details
to 520f465f28
Some checks failed
/ check-format (push) Successful in 8s
Details
/ build (push) Has been cancelled
Details
2026-04-13 16:19:29 -05:00 Compare
lytedev force-pushed feat/spacetimedb-kanidm-oidc from 520f465f28
Some checks failed
/ check-format (push) Successful in 8s
Details
/ build (push) Has been cancelled
Details
to cdecc4447b
Some checks failed
/ check-format (push) Successful in 6s
Details
/ build (push) Has been cancelled
Details
2026-04-13 16:20:00 -05:00 Compare
lytedev force-pushed feat/spacetimedb-kanidm-oidc from cdecc4447b
Some checks failed
/ check-format (push) Successful in 6s
Details
/ build (push) Has been cancelled
Details
to f679362328
Some checks are pending
/ check-format (push) Waiting to run
Details
/ build (push) Waiting to run
Details
2026-04-13 16:26:28 -05:00 Compare
lytedev force-pushed feat/spacetimedb-kanidm-oidc from f679362328
Some checks are pending
/ check-format (push) Waiting to run
Details
/ build (push) Waiting to run
Details
to 638b58d2e9
Some checks failed
/ check-format (push) Successful in 7s
Details
/ build (push) Has been cancelled
Details
2026-04-13 16:27:33 -05:00 Compare
lytedev force-pushed feat/spacetimedb-kanidm-oidc from 638b58d2e9
Some checks failed
/ check-format (push) Successful in 7s
Details
/ build (push) Has been cancelled
Details
to 4e157a1fd3
All checks were successful
/ check-format (push) Successful in 7s
Details
/ build (push) Successful in 6m3s
Details
2026-04-13 16:38:41 -05:00 Compare
lytedev force-pushed feat/spacetimedb-kanidm-oidc from 4e157a1fd3
All checks were successful
/ check-format (push) Successful in 7s
Details
/ build (push) Successful in 6m3s
Details
to 65a4c268a0
All checks were successful
/ check-format (push) Successful in 8s
Details
/ build (push) Successful in 5m53s
Details
2026-04-13 17:12:10 -05:00 Compare
lytedev force-pushed feat/spacetimedb-kanidm-oidc from 65a4c268a0
All checks were successful
/ check-format (push) Successful in 8s
Details
/ build (push) Successful in 5m53s
Details
to f146c749a1
All checks were successful
/ check-format (push) Successful in 12s
Details
/ build (push) Successful in 10s
Details
2026-04-16 20:46:22 -05:00 Compare
lytedev deleted branch feat/spacetimedb-kanidm-oidc 2026-04-16 22:07:14 -05:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

Something is wrong

  
enhancement

New feature

  
question

Awaiting information

  
scary

Potentially problematic change

  
upstream

Awaiting upstream changes

No labels
bug
enhancement
question
scary
upstream
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
lytedev/nix!488
No description provided.