Custom OAuth 2 / OpenID Connect providers

[Guichaguri]

Problem Statement

Sentry currently supports custom SAML providers, but not OAuth 2 or OpenID Connect.

Solution Brainstorm

OAuth 2 is a pretty well established protocol for authorization, supporting it should not be too hard since Sentry already has code for GitHub and Google.

The problem is retrieving the user data. Since OAuth 2 does not have a standard for user resources, each provider server can implement that differently. There are two solutions to that:

• Add configuration to map JSON properties to Sentry user properties from based in a custom user resources endpoint. This would allow the custom provider to be used with pretty much any OAuth 2 provider.
• Support OpenID Connect, as it extends OAuth 2 with standard claims that can be mapped to a Sentry user.

The perfect scenario is to support both solutions, but I think OpenID Connect is the way to go.

[getsentry-release]

Routing to @getsentry/enterprise for triage. ⏲️

[leedongwei]

Thanks for the suggestion! It is in our backlog, but we don't have plans to add more authentication features at this point.