We need to add a new branding option that enforces the OIDC auth flow (assuming basic auth is off).
The new brandable parameter will be called enforce_oidc.
The default behaviour should keep basic auth enabled, so the branding parameter gets a default value consistent with that behaviour (false).
In the authentication flow, an unauthenticated request is sent to the WebDAV endpoint to discover the available authentication methods by checking the www-authenticate header. This is not supported and also should be prevented.
TASKS
[x] Research (if needed)
[x] Create branch feature/skip_webfinger
[ ] Development tasks
[x] Add new branded parameter enforce_oidc
[x] Use new branded parameter to skip or enforce some steps
[x] Add new branded parameter oauth2_redirect_uri_path to be able to handle redirect URIs correctly
[x] Send clientId and clientSecret in OIDC token requests when needed
[ ] Implement unit tests (if needed) -> Will be done in a future issue
[x] Code review and apply changes requested
[x] Design test plan
[x] QA
[x] Merge branch feature/skip_webfinger into master
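The following is an added sketch, not code from the project, of how a client could honour `enforce_oidc`: when the flag is set, the unauthenticated WebDAV probe is never sent and a Basic challenge cannot downgrade the flow. The function names, the `probe_webdav` callable and the preference of Bearer over Basic are assumptions made for illustration.

```python
import re

# A challenge starts with a scheme token followed by whitespace and a
# parameter, or stands alone. Auth-params look like token=value instead.
_SCHEME = re.compile(r'\s*([A-Za-z][A-Za-z0-9_.+-]*)(?:\s+[^\s=]|\s*$)')
# Quoted strings may contain commas, so blank them before splitting.
_QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"')


def challenge_schemes(header_values):
    """Return the lower-cased auth schemes offered in www-authenticate values."""
    schemes = []
    for value in header_values:
        for part in _QUOTED.sub('""', value).split(","):
            match = _SCHEME.match(part)
            if match:
                schemes.append(match.group(1).lower())
    return schemes


def select_auth_method(enforce_oidc, probe_webdav):
    """Pick the login flow.

    probe_webdav is a hypothetical callable that performs the unauthenticated
    WebDAV request and returns the www-authenticate header values.
    """
    if enforce_oidc:
        # Branded builds with enforce_oidc=true skip discovery entirely:
        # no unauthenticated request, and no fallback to basic auth.
        return "oidc"
    schemes = challenge_schemes(probe_webdav())
    if "bearer" in schemes:  # assumption: Bearer is preferred when offered
        return "oidc"
    if "basic" in schemes:
        return "basic"
    raise ValueError("server offered no supported authentication method")


if __name__ == "__main__":
    # Constructed sample header, not captured from a real server.
    sample = ['Bearer realm="a, Basic b", Basic realm="c", charset="UTF-8"']
    print(challenge_schemes(sample))
    print(select_auth_method(True, lambda: sample))
```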