Actions
action #116971
closedMigrate from OpenID to OpenID Connect for authentication
Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Feature requests
Target version:
QA (public, currently private due to #173521) - future
Start date:
2022-09-21
Due date:
% Done:
0%
Estimated time:
Description
Motivation¶
Since our standard authentication mechanism, OpenID, is now deprecated in favour of the OAuth 2.0 based OpenID Connect, we should migrate openQA sooner or later too. Fortunately most of the hard work has already been done in Mojolicious::Plugin::OAuth2, which natively supports OpenID Connect (and which we already use for OAuth 2.0). There is some custom code required for retrieving identity information for logged in users though, but that has already been implemented in LegalDB, which used to use the same OpenID authentication code as openQA. So it should be possible to copy most of it.
Acceptance criteria¶
- AC1: OpenID Connect authentication support has been added to openQA.
- AC2: OpenID Connect authentication has been deployed for O3.
- AC3: OpenID Connect authentication has been deployed for OSD.
Suggestions¶
- Register openQA with https://id.opensuse.org for app keys and secrets, O3 and OSD need separate accounts because of hardcoded redirect URIs (contact Bernhard)
- Copy authentication code from LegalDB (https://github.com/openSUSE/cavil/commit/24b08a5e1eeda5be3cc91ea97e974f1d70cd29b0)
- Make sure all identity information required by openQA is available, or request additions from the maintainers
Updated by okurz about 2 years ago
- Category set to Feature requests
- Target version set to future
Isn't this a duplicate for #89023?
Updated by okurz about 2 years ago
- Related to action #89023: Migrate from OpenID to OpenID Connect for authentication added
Updated by kraih about 2 years ago
Updated by kraih about 2 years ago
- Status changed from New to Rejected
Duplicate. I'll update the other ticket with the new information.
Actions