Updated by Wieland Lindenthal 14 days ago
The goal of this Epic is to automate the OAuth token flows by using a central IDP (OIDC) so that a user does not need to individually and manually pass the OAuth flow.
In order to make it as easy as possible for new users we need to come up with a good, detailed plan. It involves at least:
* Univention
  * OIDC setup (Keycloak I guess)
* Nextcloud
  * Nextcloud core to accept/verify and store those sessions on incoming API requests
  * Nextcloud app
    * to accept/verify (ideally handled by core) incoming API requests for API endpoints that are provided by the app
    * to use such sessions for outgoing requests to OpenProject
* OpenProject
  * Allowing OpenProject to be configured to use that special type of setup
  * Accept/verify these tokens on incoming API requests
  * Store tokens in the session for a user
  * Make the file storage connection use those tokens when emitting requests to Nextcloud
  * Take special care of the background jobs (they currently use a Nextcloud app password as there is no user session)
> This plan is still pretty rough. This is an integration topic with high complexity but definitely worth the effort. I recommend working with proofs of concept in the beginning. It also requires that all three involved parties work closely together.