|
|
|
@ -112,6 +112,24 @@ $ go run web-identity.go -cid 204367807228-ok7601k6gj1pgge7m09h7d79co8p35xx.apps |
|
|
|
|
2018/12/26 17:49:36 listening on http://localhost:8080/ |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
Note: For a reasonable test outcome, make sure the assumed user has at least permission/policy to list all buckets. That policy would look like below: |
|
|
|
|
``` |
|
|
|
|
{ |
|
|
|
|
"version": "2012-10-17", |
|
|
|
|
"statement": [ |
|
|
|
|
{ |
|
|
|
|
"effect": "Allow", |
|
|
|
|
"action": [ |
|
|
|
|
"s3:ListAllMyBuckets" |
|
|
|
|
], |
|
|
|
|
"resource": [ |
|
|
|
|
"arn:aws:s3:::*" |
|
|
|
|
] |
|
|
|
|
} |
|
|
|
|
] |
|
|
|
|
} |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
## Authorization Flow |
|
|
|
|
|
|
|
|
|
- Visit http://localhost:8080, login will direct the user to the Google OAuth2 Auth URL to obtain a permission grant. |
|
|
|
|
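Review bot: The policy example added under the Note uses lowercase keys ("version", "statement", "effect", "action", "resource"), whereas the AWS policy grammar writes these elements as Version, Statement, Effect, Action and Resource. Use that casing so the block can be pasted into policy tooling unchanged. The Note should also say which identity the policy has to be attached to, since "the assumed user" is ambiguous in a web-identity flow, and "would look like below" reads better as "looks like this:". Keeping the grant to the single action s3:ListAllMyBuckets is the right scope for a test policy.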