search

aces / cbrain

CBRAIN is a flexible Ruby on Rails framework for accessing and processing of large data on high-performance computing infrastructures.
GNU General Public License v3.0
70 stars 43 forks source link

Refacto OIDC #1398

Closed natacha-beck closed 1 week ago

natacha-beck commented 1 month ago

This PR replace #1396 one.

It is a way to generalize the usage of alternative identity provider.

It allow the CBRAIN administartor to have a config file oidc.yml with the following information: 

OIDC_name:
    authorize_uri:                  "https://.../authorize"
    token_uri:                      "https://.../token"
    logout_uri:                     "https://...logout"
    scope:                          "urn:globus:auth:scope:auth.globus.org:view_identities openid email profile"
    client_secret:                  <%= ENV["globus_secret_key"] %>
    client_id:                      <%= ENV["globus_client_id"] %>
    identity_provider:              "identity_provider"
    identity_provider_display_name: "identity_provider_display_name"
    preferred_username:             "preferred_username"
    link_to:                        "www.globus.org"
    link_to_uri:                    "https://www.globus.org/"

Note Multiple identity provider can co-exist, but the client_id should be unique across all identity provider.

prioux commented 1 week ago

Is this PR still valid? There is another one in #1405 That is better right?

prioux commented 1 week ago

I am pretty sure this is obsolete.