osac-project · jhernand · Jan 7, 2026
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -19,7 +19,7 @@
                                 "--log-level=debug",
                                 "--log-file=stdout",
                                 "--plaintext",
-                                "fulfillment-api.innabox.svc.cluster.local:8000"
+                                "127.0.0.1:8000"
                         ]
                 },
                 {
@@ -34,7 +34,7 @@
                                 "--log-file=stdout",
                                 "--insecure",
                                 "--token-script=kubectl create token -n innabox client",
-                                "fulfillment-api.innabox.svc.cluster.local:8000"
+                                "localhost:8000"
                         ]
                 },
                 {
@@ -49,7 +49,7 @@
                                 "--log-file=stdout",
                                 "--insecure",
                                 "--oauth-flow=code",
-                                "fulfillment-api.innabox.svc.cluster.local:8000"
+                                "localhost:8000"
                         ]
                 },
                 {
@@ -64,24 +64,7 @@
                                 "--log-file=stdout",
                                 "--insecure",
                                 "--oauth-flow=device",
-                                "fulfillment-api.innabox.svc.cluster.local:8000"
-                        ]
-                },
-                {
-                        "name": "login (oauth password flow)",
-                        "type": "go",
-                        "request": "launch",
-                        "mode": "auto",
-                        "program": "${workspaceFolder}",
-                        "args": [
-                                "login",
-                                "--log-level=debug",
-                                "--log-file=stdout",
-                                "--insecure",
-                                "--oauth-flow=password",
-                                "--oauth-user=my_user",
-                                "--oauth-password=my_password",
-                                "fulfillment-api.innabox.svc.cluster.local:8000"
+                                "localhost:8000"
                         ]
                 },
                 {
@@ -95,7 +78,7 @@
                                 "--log-level=debug",
                                 "--log-file=stdout",
                                 "--ca-file=bundle.pem",
-                                "fulfillment-api.innabox.svc.cluster.local:8000"
+                                "localhost:8000"
                         ]
                 },
                 {

diff --git a/go.mod b/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/gertd/go-pluralize v0.2.1
 	github.com/golang-jwt/jwt/v5 v5.3.0
 	github.com/google/cel-go v0.26.1
-	github.com/innabox/fulfillment-common v0.0.34
+	github.com/innabox/fulfillment-common v0.0.30
 	github.com/mattn/go-colorable v0.1.14
 	github.com/mattn/go-isatty v0.0.20
 	github.com/neilotoole/jsoncolor v0.7.1
@@ -23,8 +23,6 @@ require (
 
 require (
 	github.com/Masterminds/semver/v3 v3.4.0 // indirect
-	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/dlclark/regexp2 v1.11.5 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
@@ -35,13 +33,9 @@ require (
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/handlers v1.5.2 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 // indirect
-	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/prometheus/client_golang v1.22.0 // indirect
-	github.com/prometheus/client_model v0.6.2 // indirect
-	github.com/prometheus/common v0.62.0 // indirect
-	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/rogpeppe/go-internal v1.13.1 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
+	github.com/stretchr/testify v1.10.0 // indirect
 	go.uber.org/automaxprocs v1.6.0 // indirect
 	go.uber.org/mock v0.6.0 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect

diff --git a/go.sum b/go.sum
@@ -77,8 +77,8 @@ github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUq
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/innabox/fulfillment-common v0.0.34 h1:04pRj/Dg9ZjXkem2gCxN7ITi+oUyBR4wvCrZeWcLPMw=
-github.com/innabox/fulfillment-common v0.0.34/go.mod h1:ANsYRiH+DCJeq7mJXvdQ0u9LgxYF01YyLum90yqR/VI=
+github.com/innabox/fulfillment-common v0.0.30 h1:OpVyi05mIQpe3l7Y0gbX3+tn2skaoPSy9Q+Xx+4YZb0=
+github.com/innabox/fulfillment-common v0.0.30/go.mod h1:ANsYRiH+DCJeq7mJXvdQ0u9LgxYF01YyLum90yqR/VI=
 github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=

diff --git a/internal/cmd/login/login_cmd.go b/internal/cmd/login/login_cmd.go
@@ -109,8 +109,8 @@ func Cmd() *cobra.Command {
 		"oauth-flow",
 		string(oauth.DeviceFlow),
 		fmt.Sprintf(
-			"OAuth flow to use. Must be '%s', '%s', '%s' or '%s'.",
-			oauth.CodeFlow, oauth.DeviceFlow, oauth.CredentialsFlow, oauth.PasswordFlow,
+			"OAuth flow to use. Must be '%s', '%s' or '%s'.",
+			oauth.CodeFlow, oauth.DeviceFlow, oauth.CredentialsFlow,
 		),
 	)
 	flags.StringVar(
@@ -144,24 +144,6 @@ func Cmd() *cobra.Command {
 			defaultRedirectUri,
 		),
 	)
-	flags.StringVar(
-		&runner.args.oauthUser,
-		"oauth-user",
-		"",
-		fmt.Sprintf(
-			"OAuth user name. This is required for the '%s' flow.",
-			oauth.PasswordFlow,
-		),
-	)
-	flags.StringVar(
-		&runner.args.oauthPassword,
-		"oauth-password",
-		"",
-		fmt.Sprintf(
-			"OAuth password. This is required for the '%s' flow.",
-			oauth.PasswordFlow,
-		),
-	)
 	flags.MarkHidden("address")
 	flags.MarkHidden("private")
 	flags.MarkHidden("token")
@@ -191,8 +173,6 @@ type runnerContext struct {
 		oauthClientSecret string
 		oauthScopes       []string
 		oauthRedirectUri  string
-		oauthUser         string
-		oauthPassword     string
 	}
 }
 
@@ -351,8 +331,6 @@ func (c *runnerContext) run(cmd *cobra.Command, args []string) error {
 		cfg.OAuthClientSecret = c.args.oauthClientSecret
 		cfg.OAuthScopes = c.args.oauthScopes
 		cfg.OAuthRedirectUri = c.args.oauthRedirectUri
-		cfg.OAuthUser = c.args.oauthUser
-		cfg.OAuthPassword = c.args.oauthPassword
 	}
 
 	// Replace the gRPC anonymous connection with the authenticated one:
@@ -482,8 +460,6 @@ func (c *runnerContext) createTokenSource(ctx context.Context, tokenIssuer strin
 			SetClientSecret(c.args.oauthClientSecret).
 			SetScopes(c.args.oauthScopes...).
 			SetRedirectUri(c.args.oauthRedirectUri).
-			SetUsername(c.args.oauthUser).
-			SetPassword(c.args.oauthPassword).
 			Build()
 		if err != nil {
 			err = fmt.Errorf("failed to create OAuth token source: %w", err)
@@ -506,13 +482,10 @@ func (l *oauthFlowListener) Start(ctx context.Context, event oauth.FlowStartEven
 		return l.startCodeFlow(ctx, event)
 	case oauth.DeviceFlow:
 		return l.startDeviceFlow(ctx, event)
-	case oauth.CredentialsFlow, oauth.PasswordFlow:
-		// These flows don't require user interaction, so there is nothing to do here.
-		return nil
 	default:
 		return fmt.Errorf(
-			"unsupported flow '%s', must be '%s', '%s', '%s' or '%s'",
-			event.Flow, oauth.CodeFlow, oauth.DeviceFlow, oauth.CredentialsFlow, oauth.PasswordFlow,
+			"unsupported flow '%s', must be '%s' or '%s'",
+			event.Flow, oauth.CodeFlow, oauth.DeviceFlow,
 		)
 	}
 }

diff --git a/internal/config/config.go b/internal/config/config.go
@@ -53,8 +53,6 @@ type Config struct {
 	OAuthClientSecret string     `json:"oauth_client_secret,omitempty"`
 	OAuthScopes       []string   `json:"oauth_scopes,omitempty"`
 	OAuthRedirectUri  string     `json:"oauth_redirect_uri,omitempty"`
-	OAuthUser         string     `json:"oauth_user,omitempty"`
-	OAuthPassword     string     `json:"oauth_password,omitempty"`
 
 	caPool *x509.CertPool
 }
@@ -159,8 +157,6 @@ func (c *Config) TokenSource(ctx context.Context) (result auth.TokenSource, err
 			SetClientSecret(c.OAuthClientSecret).
 			SetScopes(c.OAuthScopes...).
 			SetRedirectUri(c.OAuthRedirectUri).
-			SetUsername(c.OAuthUser).
-			SetPassword(c.OAuthPassword).
 			SetInsecure(c.Insecure).
 			SetCaPool(c.caPool).
 			SetStore(tokenStore).