coordination #89020
Updated by okurz over 3 years ago
## Motivation Again the identity provider we use from openSUSE is making some problems, e.g. see #88751 , so we thought about investing in alternatives that we can use in parallel to the existing way. We already have support for other identity provides but not at the same time ## Acceptance criteria * **AC1:** openqa.opensuse.org offers to login over both the existing provider as well as another one, e.g. using github ## Observation In the openQA configuration one can currently choose between *FakeAuth*, *OpenID* and *OAuth2*. Setting `auth/method` in the config file changes that globally. Only one method can be used at the same time. Changing it would require all logins to go through the new method. And *Login* always immediately redirects to the configured provider. ## Suggestions - *DONE*: ~~Add Add a *provider* column to the *Users* table~~ table - Make *username* unique across providers (so the new unique constraint would be `username,provider` and *not* just `username`) - Allow configuring multiple auth methods at the same time - Allow configuring multiple providers per auth method at the same time at least for *OAuth2* (to be able to support e.g. ipsilon and GitHub at the same time) - Ensure existing data defaults to the active provider upon migration **or** continues to work as-is with manual intervention required - Provide UX in the web UI e.g. expose buttons for providers to choose from - Make it clear in the UI which authentication provider is used