Kontinuous provides an API to access pipeline and build details.
The API doc can be accessed from a running kontinuous instance via {kontinuous-address}/apidocs.
Kontinuous API uses JSON Web Tokens for authentication. This is useful when accessing the API directly. There are several ways of getting a token.
The token needs to be added to the header as Authorization: Bearer {token} to authenticate requests.
This is the method used by Kontinuous UI. It is a slightly modified version of Github's OAuth Web Application Flow.
- Kontinuous needs to be registered as a Github OAuth Application. The Client ID and Secret need to be defined in the kontinuous secret.
- Redirect users to request Github Access (step 1 in web application flow):
GET https://github.com/login/oauth/authorize?client_id={clientid}&redirect_uri={redirect_url}&scope=user,repo,admin:repo_hook&state={random string}
- Send authorization code to Kontinuous:
POST {kontinuous-url}/api/v1/login/github?code={auth_code}&state={state_from_step_1}
This will return a JSON Web Token that can be used to access the API.
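The two steps above as an added Python example (not Kontinuous's own code): it generates the random state, builds the authorize URL, and refuses to forward an authorization code to Kontinuous unless the state in the callback matches the one that was issued. The function names, the placeholder client ID and the example.test hostnames are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

GITHUB_AUTHORIZE = "https://github.com/login/oauth/authorize"
SCOPES = "user,repo,admin:repo_hook"  # scopes listed in step 1 on this page


def new_state() -> str:
    """Unguessable per-login value; store it in the user's server-side session."""
    return secrets.token_urlsafe(32)


def authorize_url(client_id: str, redirect_uri: str, state: str) -> str:
    """Step 1: URL the user is redirected to, with every parameter URL-encoded."""
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": SCOPES,
        "state": state,
    })
    return f"{GITHUB_AUTHORIZE}?{query}"


def kontinuous_login_url(kontinuous_url: str, callback_url: str, expected_state: str) -> str:
    """Step 2: validate the callback, then build the POST target for Kontinuous."""
    params = parse_qs(urlsplit(callback_url).query)
    code = params.get("code", [""])[0]
    state = params.get("state", [""])[0]
    if not code or not state:
        raise ValueError("callback is missing code or state")
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard the authorization code")
    query = urlencode({"code": code, "state": state})
    return f"{kontinuous_url.rstrip('/')}/api/v1/login/github?{query}"


if __name__ == "__main__":
    # Constructed values for illustration only.
    state = new_state()
    print(authorize_url("CLIENT_ID_PLACEHOLDER", "https://ci.example.test/callback", state))
```

The state is compared in constant time and checked before anything is sent, so a callback that did not originate from the login this session started never reaches the login endpoint.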
Auth0 is a service for managing authentication. It can be used to generate an auth secret and provide Github access for kontinuous.
- Use Auth0 to create an auth secret to be added to Kontinuous.
- The Web Interface needs to authenticate against Auth0 to use Kontinuous.
Auth0 will provide the JSON Web Token.
A JSON Web Token can be manually created. This requires a github token and the auth secret used by Kontinuous.
To generate a github token, follow this link.
Make sure to enable access to the following:
- repo
- admin:repo_hook
- user
The script scripts/jwt-gen can generate a JSON Web Token to be used for authentication with Kontinuous.
$ scripts/jwt-gen --secret {secret} --github-token {github-token}
The generated token's validity can be verified at jwt.io.