[MGNLSSO-53] Add OAuth support to sso module Created: 15/Apr/21 Updated: 20/Jan/23
| Status: | Open |
| Project: | Single Sign On |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Neutral |
| Reporter: | Leah Staniorski | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Template: | |
| Acceptance criteria: | [ ] New SSO module includes OAuth |
| | [ ] OAuth method added to documentation |
| Task DoR: | Empty |
| Date of First Response: | |
| Epic Link: | SSO support for custom IdPs |
| Team: | |
| Description |
https://docs.magnolia-cms.com/product-docs/Modules/List-of-modules/SSO-module.html
The SSO module currently supports OpenID Connect identity via pac4j. It does not currently support OAuth, although the pac4j library does, so extending the module to support both shouldn't be overly complicated. Please also add documentation for this. Since the old SSO module did support OAuth and is now deprecated, we should add support for OAuth here for clients who use/require OAuth.
Old module: https://documentation.magnolia-cms.com/display/SERVICES/Single+Sign+On
| Comments |
| Comment by Leah Staniorski [ 15/Apr/21 ] |
From Lars: https://www.pac4j.org/4.3.x/docs/config.html

I once made a Pac4j prototype that could use the OAuth params:

    <dependency>
      <groupId>org.pac4j</groupId>
      <artifactId>pac4j-oauth</artifactId>
      <version>${pac4jVersion}</version>
    </dependency>

A generic version with Google and OAuth looked like:

    # generic OAUTH2 example with a Google account, settings can be
    # different based on the provider
    # https://accounts.google.com/.well-known/openid-configuration
    oauth2.id: 124665636344040-i1nrqtmm5g58gp7hfiidf4iq9lh5ap47.apps.googleusercontent.com
    oauth2.secret: 4YSHq9V6Cm6saugBuySTmaococ9
    oauth2.authUrl: https://accounts.google.com/o/oauth2/v2/auth
    oauth2.tokenUrl: https://oauth2.googleapis.com/token
    oauth2.profileUrl: https://www.googleapis.com/oauth2/v1/userinfo
    oauth2.scope: email profile
    # set as needed
    oauth2.withState: true
    # which of the delivered properties is the user id (optional)
    oauth2.profile.Id: id
    #oauth2.clientAuthenticationMethod
    #oauth2.profilePath:
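As an added illustration (not code from the SSO module, Magnolia or pac4j), the following builds a pac4j GenericOAuth20Client from the same oauth2.* keys as the prototype above, so the properties-file approach and the programmatic one line up. It assumes pac4j 4.x's pac4j-oauth on the classpath, a callback URL of your own (the example.invalid one is a placeholder), and a client secret supplied through an OAUTH2_SECRET environment variable instead of the properties file.

```java
import org.pac4j.core.client.Clients;
import org.pac4j.core.config.Config;
import org.pac4j.oauth.client.GenericOAuth20Client;
import java.util.Properties;

public class OAuth2ClientFactory {
    // Maps the prototype's oauth2.* keys onto pac4j's GenericOAuth20Client. The secret
    // is passed in separately (read from the environment in main), not from the file.
    public static GenericOAuth20Client fromProperties(Properties p, String callbackUrl, String secret) {
        if (secret == null || secret.isBlank()) {
            throw new IllegalStateException("oauth2 client secret missing; set OAUTH2_SECRET");
        }
        GenericOAuth20Client client = new GenericOAuth20Client();
        client.setKey(require(p, "oauth2.id", false));
        client.setSecret(secret);
        // the authorization code and access token travel over these endpoints: insist on https
        client.setAuthUrl(require(p, "oauth2.authUrl", true));
        client.setTokenUrl(require(p, "oauth2.tokenUrl", true));
        client.setProfileUrl(require(p, "oauth2.profileUrl", true));
        client.setScope(p.getProperty("oauth2.scope", "email profile"));
        // state binds the callback to the session that started the login; keep it on
        client.setWithState(Boolean.parseBoolean(p.getProperty("oauth2.withState", "true")));
        // which attribute of the userinfo response identifies the user
        client.setProfileId(p.getProperty("oauth2.profile.Id", "id"));
        String path = p.getProperty("oauth2.profilePath", "").trim();
        if (!path.isEmpty()) client.setProfileNodePath(path);
        client.setCallbackUrl(callbackUrl);
        return client;
    }

    private static String require(Properties p, String key, boolean https) {
        String v = p.getProperty(key, "").trim();
        if (v.isEmpty()) throw new IllegalArgumentException("missing required property " + key);
        if (https && !v.startsWith("https://")) throw new IllegalArgumentException(key + " must use https");
        return v;
    }

    public static void main(String[] args) {
        Properties p = new Properties();  // constructed sample using the prototype's keys
        p.setProperty("oauth2.id", "CLIENT_ID_PLACEHOLDER.apps.googleusercontent.com");
        p.setProperty("oauth2.authUrl", "https://accounts.google.com/o/oauth2/v2/auth");
        p.setProperty("oauth2.tokenUrl", "https://oauth2.googleapis.com/token");
        p.setProperty("oauth2.profileUrl", "https://www.googleapis.com/oauth2/v1/userinfo");
        String callback = "https://example.invalid/.auth";  // assumed callback URL
        GenericOAuth20Client client = fromProperties(p, callback, System.getenv("OAUTH2_SECRET"));
        Config config = new Config(new Clients(callback, client));  // hand this Config to the pac4j filter
    }
}
```

The https check on the three endpoints and the withState default are the two settings worth enforcing regardless of which provider is configured, since the authorization code and the callback binding are what an attacker would otherwise go after.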
| Comment by Matt Rajkovic [ 09/Nov/22 ] |
We'll revisit this ticket in grooming in context of SSO 3.0.0 which already uses Pac4j.