Passport (Identity Delegation)
Passport manages OAuth provider registration and identity delegation, and maintains an audit trail of all authorization activities across the Shift Platform.

What It Does
- Provider Management — Register and manage OAuth providers with client credentials, scopes, and redirect URIs.
- Authorization Delegation — Create and manage authorization grants for users against registered providers.
- Audit Trail — Track all authorization-related actions with a tamper-evident audit log.
Key Concepts
| Concept | Description |
|---|---|
| Provider | A registered OAuth provider (e.g., GitHub, Google, Slack) with its client configuration. |
| Authorization | A granted authorization linking a user to a provider with specific scopes and a token. |
| Audit Entry | An immutable record of an authorization-related action (create, revoke, refresh, etc.). |
Configuration
| Setting | Value |
|---|---|
| Storage Directory | .passport/ |
| API Dev Port | 4002 |
| Web Dev Port | 4102 |
| Gateway Prefix | /api/v1/passport/* |
Getting Started
Register an OAuth provider:

```bash
shift-cli passport providers create
```

Or via the API:

```bash
curl -X POST http://localhost:3000/api/v1/passport/providers \
  -H "Content-Type: application/json" \
  -d '{
    "name": "github",
    "type": "oauth2",
    "clientId": "your-client-id",
    "scopes": ["repo", "user"],
    "redirectUri": "http://localhost:3000/callback"
  }'
```

Then create an authorization and review the audit trail:

```bash
shift-cli passport authorizations create
shift-cli passport audit
```
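
A pre-flight check for the registration payload shown above, as an added example that is not Shift Platform code: it flags redirect URIs that are not one exact URI, use plain http off loopback, or point at loopback in a production registration, along with scopes outside a policy and a leftover placeholder client ID. The names `lint_provider`, `SCOPE_POLICY` and the `production` flag are assumptions made for illustration.

```python
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
REQUIRED = ("name", "type", "clientId", "scopes", "redirectUri")
# Constructed least-privilege policy (assumption): scopes each provider may request.
SCOPE_POLICY = {"github": {"read:user", "user:email"}}

# Payload copied from the curl example on this page.
PAGE_PAYLOAD = {"name": "github", "type": "oauth2", "clientId": "your-client-id",
                "scopes": ["repo", "user"],
                "redirectUri": "http://localhost:3000/callback"}


def lint_provider(payload, production=True, policy=SCOPE_POLICY):
    """Return a list of findings; an empty list means the payload passed."""
    missing = [f for f in REQUIRED if f not in payload]
    if missing:
        return ["missing field: " + f for f in missing]
    findings = []

    uri = str(payload["redirectUri"])
    parts = urlsplit(uri)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https") or not host:
        findings.append("redirectUri: not an absolute http(s) URI")
    # RFC 6749 section 3.1.2 forbids fragments; wildcards defeat exact matching.
    if parts.fragment or "*" in uri:
        findings.append("redirectUri: fragment or wildcard; register one exact URI")
    if parts.scheme == "http" and host not in LOOPBACK:
        findings.append("redirectUri: plain http on a non-loopback host")
    if production and host in LOOPBACK:
        findings.append("redirectUri: loopback host in a production registration")

    scopes = payload["scopes"]
    if not isinstance(scopes, list) or not scopes:
        findings.append("scopes: must be a non-empty list")
    else:
        allowed = policy.get(payload["name"])
        extra = sorted(set(scopes) - allowed) if allowed is not None else []
        if extra:
            findings.append("scopes: outside policy: " + ", ".join(extra))

    client_id = str(payload["clientId"]).strip()
    if not client_id or client_id.startswith("your-"):
        findings.append("clientId: empty or still the documentation placeholder")
    return findings


if __name__ == "__main__":
    for finding in lint_provider(PAGE_PAYLOAD):
        print("FINDING", finding)
```

With `production=False` the loopback finding is dropped, which matches local development against the page's `http://localhost:3000/callback` value.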