action #67573

closed

"OpenID Connect" support in openQA

Added by okurz over 4 years ago. Updated about 4 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Feature requests
Target version:
Start date: 2020-06-02
Due date:
% Done: 0%
Estimated time:

Description

Motivation

We only support "OpenID" and "Fake" authentication so far. In #66703 we can see the problem with the high reliance on OpenID. A more recent standard is "OpenID Connect". We should research how feasible it is to support that.


Related issues: 1 (0 open, 1 closed)

Related to openQA Project - action #66703: Switch to new SUSE/openSUSE authentication system | Resolved | okurz | 2020-05-12 | 2020-06-30

Actions #1

Updated by okurz over 4 years ago

  • Related to action #66703: Switch to new SUSE/openSUSE authentication system added
Actions #2

Updated by kraih over 4 years ago

If I understand OpenID Connect correctly, it's really just OAuth 2.0, which might be rather easy to support with existing Mojolicious plugins.

Actions #3

Updated by mkittler over 4 years ago

That's what @cdywan is experimenting with: https://github.com/os-autoinst/openQA/pull/3150

Actions #4

Updated by okurz over 4 years ago

  • Status changed from Workable to Blocked
  • Assignee set to livdywan

Right. So after all, as expected, it could be the stories align well.

Actions #5

Updated by livdywan over 4 years ago

The difference between OAuth 2.0 and OpenID Connect is that the former provides authorization (am I allowed?), the latter covers authentication (who am I?). So #67576 naturally overlaps with this.

  • Google adheres to the OpenID Connect spec, recognizes/requires openid email scope and provides id_token to avoid calling into Google API to authenticate.
  • Okta also supports id_token.
  • GitHub implements OAuth 2.0 only which is why the authentication requires an extra call into GitHub API and non-standard scopes.
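
Added example, not part of the thread and not openQA code: the Python below shows the local checks a relying party runs on an id_token (pinned algorithm, signature, iss, aud, exp, nonce), which is what lets an OpenID Connect login skip the extra provider API call that an OAuth 2.0-only provider needs. It assumes an HS256 token keyed with the client secret, which OpenID Connect Core permits; the issuer, client id, secret and the make_demo_token helper are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions, not from openQA or any real provider).
ISSUER, CLIENT_ID, SECRET = "https://idp.example", "openqa-demo", "demo-client-secret"

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def verify_id_token(token, client_id, secret, issuer, nonce, now=None):
    """Return the validated claims, or raise ValueError naming the failed check."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise TypeError
    except Exception as exc:
        raise ValueError("malformed id_token") from exc
    # Pin the algorithm; never let the token pick it (e.g. "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sig, sign(f"{head_b64}.{body_b64}", secret)):
        raise ValueError("bad signature")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("expired")
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), nonce.encode()):
        raise ValueError("nonce mismatch")
    return claims  # "sub"/"email" identify the user with no extra provider API call

def make_demo_token(claims, secret, alg="HS256"):
    """Stand-in for the provider: builds a constructed token for the demo."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url_encode(sign(f'{head}.{body}', secret))}"
```
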
Actions #6

Updated by livdywan over 4 years ago

  • Subject changed from [spike:20h] "OpenID Connect" support in openQA to "OpenID Connect" support in openQA
  • Status changed from Blocked to Workable
  • Assignee deleted (livdywan)

With #67576 implemented, this ticket boils down to adding OpenID Connect-implementing providers.

Actions #7

Updated by okurz about 4 years ago

  • Status changed from Workable to Resolved
  • Assignee set to livdywan

cdywan wrote:

With #67576 implemented, this ticket boils down to adding OpenID Connect-implementing providers.

and that can be done whenever a specific need arises. I would say with the done work we can actually resolve.
