Content
View differences
Updated by Jonas Heinrich (Finn) about 12 years ago
OpenProject users should be able to authenticate against an OpenID Connect provider. The first provider should be Google.
The interface in OpenProject for adding an authentication provider is created by \#5553.
**Acceptance criteria**
- Users having a valid Google account can authenticate against Google and will then be considered authenticated by OpenProject.
- Users having a valid Google account can have an OpenProject account created for them on the fly.
- Configuration is handled via configuration files. An admin interface is not required.
- The available configuration options must be settable during the deployment via chef/Opsworks.
- Integration tests are in place:
- If it is feasible to test the actual login against google, this is the preferred solution.
- if it is not feasible the test must ensure that every request that would be issued against google is responded to by a realistic mock.
- While google is the first provider used with this OmniAuth strategy, the strategy should not be limited to Google:
- OpenProject.com will be an OpenID Connect provider.
- Multiple providers need therefore to be supported at the same time as long as they conform to OpenID Connect.
**Notes**
- The functionality has been extracted into the plugin [openproject-openid\_connect](https://github.com/finnlabs/openproject-openid_connect)
The interface in OpenProject for adding an authentication provider is created by \#5553.
**Acceptance criteria**
- Users having a valid Google account can authenticate against Google and will then be considered authenticated by OpenProject.
- Users having a valid Google account can have an OpenProject account created for them on the fly.
- Configuration is handled via configuration files. An admin interface is not required.
- The available configuration options must be settable during the deployment via chef/Opsworks.
- Integration tests are in place:
- If it is feasible to test the actual login against google, this is the preferred solution.
- if it is not feasible the test must ensure that every request that would be issued against google is responded to by a realistic mock.
- While google is the first provider used with this OmniAuth strategy, the strategy should not be limited to Google:
- OpenProject.com will be an OpenID Connect provider.
- Multiple providers need therefore to be supported at the same time as long as they conform to OpenID Connect.
**Notes**
- The functionality has been extracted into the plugin [openproject-openid\_connect](https://github.com/finnlabs/openproject-openid_connect)