QA » openQA Project

Motivation¶

Since our standard authentication mechanism, OpenID, is now deprecated in favour of the OAuth 2.0 based OpenID Connect, we should migrate openQA sooner or later too. Fortunately most of the hard work has already been done in Mojolicious::Plugin::OAuth2, which natively supports OpenID Connect (and which we already use for OAuth 2.0). There is some custom code required for retrieving identity information for logged in users though, but that has already been implemented in LegalDB, which used to use the same OpenID authentication code as openQA. So it should be possible to copy most of it.

Acceptance criteria¶

• AC1: OpenID Connect authentication support has been added to openQA.
• AC2: OpenID Connect authentication has been deployed for O3.
• AC3: OpenID Connect authentication has been deployed for OSD.

Suggestions¶

• Register openQA with https://id.opensuse.org for app keys and secrets, O3 and OSD need separate accounts because of hardcoded redirect URIs (contact Bernhard)
• Copy authentication code from LegalDB (https://github.com/openSUSE/cavil/commit/24b08a5e1eeda5be3cc91ea97e974f1d70cd29b0)
• Make sure all identity information required by openQA is available, or request additions from the maintainers