ubccr / mokey

FreeIPA self-service account management portal
BSD 3-Clause "New" or "Revised" License

Edit user profile from mokey #72

Closed jvinolas closed 1 year ago

jvinolas commented 3 years ago

We will need a page where the user can edit his profile and this is updated on freeipa, to be used by hydra OpenID. Now mokey allows the user to reset the password only.

Could this be implemented with the goipa library mokey is already using to communicate to freeipa? Will this be updated on hydra client apps automatically or mokey may update this info to hydra admin url?

Also we are looking how to add user avatar picture to the whole auth system. Planning to do an integration with libravatar (ivatar). Do you have any other/easier ideas to upload/modify a custom client app avatar image and serve it using the OpenID picture field?

aebruno commented 3 years ago

> We will need a page where the user can edit his profile and this is updated on freeipa, to be used by hydra OpenID. Now mokey allows the user to reset the password only.

> Could this be implemented with the goipa library mokey is already using to communicate to freeipa?

Yes, it can be done. Would have to add a few functions for updating the user details in goipa as they currently do not exist. Then would need to add the functionality to mokey.

> Will this be updated on hydra client apps automatically or mokey may update this info to hydra admin url?

If editing user profiles was added to mokey, then the data would be included in the OpenID token sent to hydra.

> Also we are looking how to add user avatar picture to the whole auth system. Planning to do an integration with libravatar (ivatar). Do you have any other/easier ideas to upload/modify a custom client app avatar image and serve it using the OpenID picture field?

Check out this thread on adding avatars to FreeIPA. Seems relevant to what you're after. Then could possibly modify mokey to include this in the OpenID token? Not sure but might be worth investigating.

jankirsten commented 3 years ago

> We will need a page where the user can edit his profile and this is updated on freeipa

This is actually one of many features we implemented for our installation. I was planning on offering many of these as PRs for quite some time but as we currently have 400+ additional commits, cherry-picking will be quite a task. Also there will be some problematic dependencies when backporting single features to "vanilla" mokey.

We did not add avatars but we added address (which can be realized without a custom objectclass) and date of birth (which needs a custom objectclass) next to some attributes specific to our use-case. On the mokey end of things it is actually configurable which fields will be available. For goipa I implemented a UserMod function which operates on UserRecord structs to avoid having multiple update-this/update-that functions.

We currently don't use hydra, so I don't know which changes would be necessary on that end.

However, one could raise the question of whether it actually makes sense to add self-service of profile data to mokey. This functionality is already provided by IPA itself. Mokey currently complements IPA by adding functionality which is intentionally left out of IPA. In our case we need the feature in mokey because we use IPA with permissions locked down tightly. Which leads to IPA (CLI, API and Web UI) being unusable for users without elevated privileges when done properly using RBAC (more about this problem). Of course it is also nice for users to have everything in one spot and with a possibly easier to use interface, but this question should be answered first.
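The configurable list of editable fields mentioned in this thread can be enforced as an allowlist before anything is sent to FreeIPA. The sketch below is an added example, not code from mokey, goipa or the fork described above: `BuildUserMod`, `editableFields` and the form field names are hypothetical, and it only builds the JSON-RPC `user_mod` request body without sending it.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// editableFields is a hypothetical, config-driven allowlist: portal form
// field -> FreeIPA user_mod option. Anything absent here is never sent.
var editableFields = map[string]string{
	"first_name": "givenname",
	"last_name":  "sn",
	"street":     "street",
	"city":       "l",
	"postcode":   "postalcode",
}

// BuildUserMod turns a submitted profile form into a JSON-RPC user_mod body
// for uid. The uid must come from the authenticated session, not the form.
func BuildUserMod(uid string, form map[string]string) ([]byte, error) {
	opts := map[string]string{}
	var rejected []string
	for field, value := range form {
		opt, ok := editableFields[field]
		if !ok {
			rejected = append(rejected, field)
			continue
		}
		opts[opt] = strings.TrimSpace(value)
	}
	if len(rejected) > 0 { // reject the whole request, do not silently drop
		sort.Strings(rejected)
		return nil, fmt.Errorf("fields not editable: %s", strings.Join(rejected, ", "))
	}
	if len(opts) == 0 {
		return nil, fmt.Errorf("no editable fields submitted")
	}
	return json.Marshal(map[string]interface{}{
		"method": "user_mod",
		"params": []interface{}{[]string{uid}, opts},
		"id":     0,
	})
}

func main() {
	// Constructed sample input.
	body, err := BuildUserMod("jdoe", map[string]string{"city": "Buffalo", "postcode": "14203"})
	fmt.Println(string(body), err)
}
```

Rejecting the whole submission when an unlisted field appears, instead of dropping it quietly, gives the portal a clear event to log when a client submits attributes such as `uidnumber` or `memberof`.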