[MGNLSSO-55] Add support for OIDC implicit flow
Created: 12/May/21  Updated: 31/Aug/21  Resolved: 28/Jun/21

Status: Closed
Project: Single Sign On
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement
Priority: Neutral
Reporter: Viet Nguyen
Assignee: Maxime Michel
Resolution: Won't Fix
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Currently, the SSO module documentation (https://docs.magnolia-cms.com/product-docs/Modules/List-of-modules/SSO-module.html) doesn't state which of the OIDC "Authorization Code Flow" or "Implicit Code Flow" is supported.

Please provide configuration points to support both of them.



 Comments   
Comment by Maxime Michel [ 28/Jun/21 ]

Won't do because the next OAuth version (2.1) will not implement implicit flow anymore:

1.9. Compatibility with OAuth 2.0

OAuth 2.1 is compatible with OAuth 2.0 with the extensions and
restrictions from known best current practices applied.
Specifically, features not specified in OAuth 2.0 core, such as PKCE,
are required in OAuth 2.1. Additionally, some features available in
OAuth 2.0, such as the Implicit or Resource Owner Credentials grant
types, are not specified in OAuth 2.1. Furthermore, some behaviors
allowed in OAuth 2.0 are restricted in OAuth 2.1, such as the strict
string matching of redirect URIs required by OAuth 2.1. (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-01)

Hence, as OIDC is an extension of OAuth, it will no longer be supported.

Generated at Mon Feb 12 10:50:41 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.