action #67573
closed"OpenID Connect" support in openQA
Description
Updated by okurz over 4 years ago
- Related to action #66703: Switch to new SUSE/openSUSE authentication system added
Updated by kraih over 4 years ago
If i understand OpenID Connect correctly it's really just OAuth 2.0, which might be rather easy to support with existing Mojolicious plugins.
Updated by mkittler over 4 years ago
That's what @cdywan is experimenting with: https://github.com/os-autoinst/openQA/pull/3150
Updated by okurz over 4 years ago
- Status changed from Workable to Blocked
- Assignee set to livdywan
Right. So after all as expected it could be the stories align well.
Updated by livdywan over 4 years ago
The difference between OAuth 2.0 and OpenID Connect is that the former provides authorization (am I allowed?), the latter covers authentication (who am I?). So #67576 naturally overlaps with this.
- Google adheres to the OpenID Connect spec, recognizes/requires
openid email
scope and providesid_token
to avoid calling into Google API to authenticate. - Okta also supports
id_token
. - GitHub implements OAuth 2.0 only which is why the authentication requires an extra call into GitHub API and non-standard scopes.
Updated by livdywan over 4 years ago
- Subject changed from [spike:20h] "OpenID Connect" support in openQA to "OpenID Connect" support in openQA
- Status changed from Blocked to Workable
- Assignee deleted (
livdywan)
With #67576 implemented, this ticket boils down to adding OpenID Connect-implementing providers.
Updated by okurz about 4 years ago
- Status changed from Workable to Resolved
- Assignee set to livdywan
cdywan wrote:
With #67576 implemented, this ticket boils down to adding OpenID Connect-implementing providers.
and that can be done whenever a specific need arises. I would say with the done work we can actually resolve.