Updated by Wieland Lindenthal over 2 years ago
Our goal with this CR is to automate the OAuth token flows using a central IDP (OIDC) so that a user does not need to individually and manually pass the OAuth flow.
In order to make it as easy as possible for new users, we need to come up with a good, detailed plan. It involves at least:
* Univention
* OIDC setup (Keycloak I guess)
* Nextcloud
* for letting Nextcloud core accept/verify and store those sessions on incoming API requests
* for our Nextcloud app
* to accept/verify (ideally handled by core) incoming API requests for API endpoints that are provided by the app
* and use those sessions for outgoing requests to OpenProject
* OpenProject
* for allowing OpenProject to be configured to use that special type of setup
* accept/verify these tokens on incoming API requests
* store tokens in the session for a user
* make our Storage connection use those tokens when emitting requests to Nextcloud
* Take special care of the background jobs (they currently use a Nextcloud app password as there is no user session)
> This plan is still pretty rough. This is an integration topic with high complexity but definitely worth the effort. I recommend working with proofs of concept in the beginning. It also requires that all three involved parties work closely together.