Open yorek opened 1 year ago
We should also integrate with https://learn.microsoft.com/en-us/azure/active-directory-b2c/overview, in case it is not already working.
@yorek, to clarify, this ask is for non-hosted scenario, yes? EasyAuth allows configuring generic OpenID Connect providers which should include the providers that you mention.
Update -> Ah, I see this clarified in the description. This is for on-prem scenarios.
Hi @yorek @seantleonard, what is the status of Bring your own IDP, i.e. using a generic OIDC provider?
Summary
Increase the number of Authentication providers supported
Motivation
Right now, only EasyAuth and Azure AD are supported. Common authentication providers like Auth0 and in general support for any provider compatible with the OAuth2 protocol should be provided. This would also enable on-prem users to use custom or third party OAuth2 providers they trust.
Functional Specifications
Using the `jwt` section in the configuration file it will be possible to specify, like already implemented,
- `issuer` that will be used to validate the token received
- `audience` that will be used to determine the used/required scope

There will be also the ability to specify where the role claims can be found using a dedicated option:
- `roles.path` will allow to specify JSON path where roles are in the received JWT token.

For example, for an Azure AD token the `roles.path` would be `roles`
Prior Work
A discussion around the topic was started in #719
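
A sketch of the claim checks the specification above describes, added here as an illustration and not taken from the project's code. It assumes the token signature has already been verified, that `roles.path` is read as a dot-separated path (the issue does not define the syntax), and the names `resolve_roles` and `check_claims` are hypothetical.

```python
from typing import Any


def resolve_roles(claims: dict[str, Any], path: str) -> list[str]:
    """Return the roles found at `path`, or [] when absent or malformed."""
    if path in claims:
        # An exact claim name wins, so URL-style claim names that
        # themselves contain dots are not split into path segments.
        node: Any = claims[path]
    else:
        node = claims
        for key in path.split("."):
            if not isinstance(node, dict) or key not in node:
                return []  # fail closed: no roles rather than a guess
            node = node[key]
    if isinstance(node, str):
        return [node]  # a single role emitted as a bare string
    if isinstance(node, list) and all(isinstance(r, str) for r in node):
        return list(node)
    return []  # objects, numbers, mixed lists: treat as no roles


def check_claims(claims: dict[str, Any], issuer: str, audience: str,
                 roles_path: str) -> list[str]:
    """Check iss and aud on verified claims, then extract roles."""
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    # RFC 7519 allows "aud" to be a single string or an array of strings.
    audiences = [aud] if isinstance(aud, str) else aud
    if not isinstance(audiences, list) or audience not in audiences:
        raise ValueError("audience mismatch")
    return resolve_roles(claims, roles_path)


# Constructed sample payloads (not real tokens).
ISS = "https://idp.example.test/"
AUD = "api://constructed-app"
FLAT = {"iss": ISS, "aud": AUD, "roles": ["reader", "author"]}
NESTED = {"iss": ISS, "aud": [AUD, "other"],
          "realm_access": {"roles": ["admin"]}}
URL_NAMED = {"iss": ISS, "aud": AUD,
             "https://app.example.test/roles": ["editor"]}
MALFORMED = {"iss": ISS, "aud": AUD, "roles": {"admin": True}}

if __name__ == "__main__":
    print(check_claims(FLAT, ISS, AUD, "roles"))
    print(check_claims(NESTED, ISS, AUD, "realm_access.roles"))
    print(check_claims(MALFORMED, ISS, AUD, "roles"))
```

A token whose roles claim is missing or has an unexpected shape yields an empty role list, so a misconfigured path results in fewer permissions, not more.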