action #67573
closed
"OpenID Connect" support in openQA
Added by okurz over 4 years ago.
Updated over 4 years ago.
Category:
Feature requests
Description
Motivation
We only support "OpenID" and "Fake" authentication so far. In #66703 we can see the problem with the high reliance on OpenID. A more recent standard is "OpenID Connect". We should research how feasible it is to support that.
- Related to action #66703: Switch to new SUSE/openSUSE authentication system added
If I understand OpenID Connect correctly it's really just OAuth 2.0, which might be rather easy to support with existing Mojolicious plugins.
- Status changed from Workable to Blocked
- Assignee set to livdywan
Right. So after all as expected it could be the stories align well.
The difference between OAuth 2.0 and OpenID Connect is that the former provides authorization (am I allowed?), the latter covers authentication (who am I?). So #67576 naturally overlaps with this.
- Google adheres to the OpenID Connect spec, recognizes/requires openid email scope and provides id_token to avoid calling into Google API to authenticate.
- Okta also supports id_token.
- GitHub implements OAuth 2.0 only which is why the authentication requires an extra call into GitHub API and non-standard scopes.
- Subject changed from [spike:20h] "OpenID Connect" support in openQA to "OpenID Connect" support in openQA
- Status changed from Blocked to Workable
- Assignee deleted (livdywan)
With #67576 implemented, this ticket boils down to adding OpenID Connect-implementing providers.
- Status changed from Workable to Resolved
- Assignee set to livdywan
cdywan wrote:
With #67576 implemented, this ticket boils down to adding OpenID Connect-implementing providers.
and that can be done whenever a specific need arises. I would say with the done work we can actually resolve.