77 added support for an external OAuth provider. At the moment, we require the external provider to send the roles in our proprietary roles format, see example below.
For this issue, we have to investigate how the OpenADR specification defines the existing roles, and should probably introduce a compatibility layer in the authentication procedure of the VTN. For example, if a user has the OpenADR roles read_all, write_programs, and write_events, we would probably need to map this to the AnyBusinessUser in our internal authentication mechanism.
Additionally, we should document how our authentication system works and how to make use of the fine-grained access control that we support with our internal roles.