OIDC integration in SPAs

[chamerling]

The current issue goal is to integrate OIDC at the SPAs level:

Login/Logout

Login

• When the user is not connected, it will be redirected to the OIDC Provider and will have to authenticate using selected OIDC flow.
• Once authenticated, the user is redirected to the SPA and can use it as usual

Logout

User logout from the application menu as usual; The logout process is using the standard global OIDC logout and the user is redirected to the login page?

Technical part

(There is no order in the following list)

• Use https://github.com/IdentityModel/oidc-client-js module
• As with Vue apps, the AngularJS SPA have to check if the user is authenticated by doing an ESN API call
• The OIDC information must be injected using Env (dotfile and CLI) at build time, or at runtime from a json/js file (as in Vue apps): This has to be discussed
• Implementation must work with OIDC provider such as LemonLDAP or keycloak
• Documentation is important!
• The integration must support token renewal
• The authentication mechanism can be changed by configuration (basic or OIDC for now). This means that we can import the right module (possibly lazy load)

[chamerling]

TODO: Update all the SPAs like done here https://github.com/OpenPaaS-Suite/esn-frontend-calendar/pull/37

• [x] Calendar
• [x] Contacts
• [x] Inbox
• [x] Admin
• [x] Account
• [x] Mailto