Closed OjasviAgarwal closed 6 months ago
I want to be able to get the id_token by passing the username and password to the /token REST API endpoint of OpenUnison for service accounts. Is this grant flow supported in OpenUnison?
Not directly, no. Since this would only really work with LDAP/AD we decided not to implement it. That said, getting a "service account" for use in CI is a pretty common use case with OpenUnison. What's your backend identity store? Is it a remote IdP like Okta or LDAP/AD?
I've got a template that we use to get the id_token for use with your API server, it just depends on what you're using for identity.
In an ideal world, I would want to use the AzureAD idP which would have regular users, groups as well as service accounts. We are fine with the regular users using the UI driven flow since OpenUnison does the group id to group name mapping beneficial for RBAC. We want the API driven flow (non-UI) for CI/CD and client code where credentials can be passed and id_token can be fetched remotely. We are willing to compromise on creating the service accounts and managing them on our own in OpenUnison instead of AzureAD (if OpenUnison supports that, Keycloak does it but doesn't do the id-> group mapping) and use the ROPC flow or your template to get the id_token.
> In an ideal world, I would want to use the AzureAD idP
There are two ways you could do this:
closing due to inactivity
I want to be able to get the id_token by passing the username and password to the /token REST API endpoint of OpenUnison for service accounts. Is this grant flow supported in OpenUnison? If so, do we have any documentation around the same? I searched online and didn't find anything.