Project

General

Profile

action #116971

Updated by kraih about 2 years ago

## Motivation 

 Since our standard authentication mechanism, OpenID, is now deprecated in favour of the OAuth 2.0 based [OpenID Connect](https://openid.net/connect/), we should migrate openQA sooner or later too. Fortunately most of the hard work has already been done in [Mojolicious::Plugin::OAuth2](https://metacpan.org/pod/Mojolicious::Plugin::OAuth2), which natively supports OpenID Connect (and which we already use for OAuth 2.0). There is some custom code required for retrieving identity information for logged in users though, but that has already been implemented in [LegalDB](https://github.com/openSUSE/cavil/commit/24b08a5e1eeda5be3cc91ea97e974f1d70cd29b0), which used to use the same OpenID authentication code as openQA. So it should be possible to copy most of it. 

 ## Acceptance criteria 
 * **AC1:** Add OpenID Connect authentication support has been added to openQA. 
 * **AC2:** Deploy OpenID Connect authentication has been deployed for O3. 
 * **AC3:** Deploy OpenID Connect authentication has been deployed for OSD. 

 ## Suggestions 
 * Register openQA with https://id.opensuse.org for app keys and secrets, O3 and OSD need separate accounts because of hardcoded redirect URIs (contact Bernhard) 
 * Copy authentication code from LegalDB (https://github.com/openSUSE/cavil/commit/24b08a5e1eeda5be3cc91ea97e974f1d70cd29b0) 
 * Make sure all identity information required by openQA is available, or request additions from the maintainers

Back