SilviaAmAm commented 1 month ago

https://dimpact.atlassian.net/jira/software/c/projects/PZ/boards/258?selectedIssue=PZ-3935

Als gebruiker van ABC Wil ik gebruik kunnen maken van OIDC voor het inlog proces Zodat ik niet steeds opnieuw hoef in te loggen.

TODO

[x] Onderzoeken hoe het met rollen zal werken

Backend

[x] Refactor backend to use django permissions https://github.com/maykinmedia/open-archiefbeheer/pull/400
[x] OIDC package toevoegen
[x] Configuratie toevoegen https://github.com/maykinmedia/open-archiefbeheer/pull/403

Frontend

[x] Knop toevoegen om OIDC te gebruiken https://github.com/maykinmedia/admin-ui/pull/138

DevOps

[x] Testen met maykin keycloak
[x] Update ansible playbook to automatically configure Keycloak https://github.com/maykinmedia/commonground-deployment/pull/83

SilviaAmAm commented 1 month ago

Onderzoeken hoe het met rollen zal werken

Discussed with Sjoerd how this works with other maykin apps. In OIDC (Keycloak, azure..) we can configure that for users a certain claim is sent to OAB. Based on this claim, the user can be added to a Django group.

I think what makes most sense is to refactor the Role model to use the Django permission system and then configure groups that have certain permissions. Then we can add the users to the groups when they log in with OIDC.

SilviaAmAm commented 1 month ago

Not all components done

SilviaAmAm commented 1 month ago

Not finished yet!

maykinmedia / open-archiefbeheer

OIDC koppeling maken #390

TODO

Backend

Frontend

DevOps