Updated by Dominic Bräunlein over 1 year ago
**As** an OpenProject admin
**I want to** be able to configure OpenID provider using a user interface
**so that** I don't have to use a command line and can see potential errors more easily.
**Acceptance criteria**
* **Navigation**
  * OpenID provider configurations are accessible under Administration -> Authentication -> OpenID providers
* **Add Button**
  * The admin can add a new "OpenID provider" by clicking on the "Add OpenID provider" button
  * This "Add OpenID provider" button is a dropdown, like the one for adding a storage
  * The dropdown shows the following options
    * Google
    * Entra
    * Custom
* **Create form**
  * The following attributes need to be filled out by the admin in the OpenID provider creation form
    * Manually input by the admin
      * identifier (string)
      * secret (string)
      * display\_name (string)
      * Limit self registration (boolean)
    * Can be filled by the discovery endpoint or manually by the admin
      * authorization\_endpoint
      * userinfo\_endpoint
      * token\_endpoint
      * end\_session\_endpoint
      * jwks\_uri
      * issuer
  * The configuration form supports an input field: "OpenID discovery endpoint"
    * After the URL is entered, the form fetches the values to fill in from the OpenID Discovery endpoint
    * After a successful response, the form copies the fetched values into the form (see attributes above)
    * After an unsuccessful response, the form shows an error message
  * When "Google" was chosen
    * For Google, the discovery endpoint is already known. Therefore the UX should be simplified.
    * OpenID Discovery endpoint input is not shown
    * Inputs for values that can be fetched by the discovery are not shown
  * When "Entra" was chosen
    * An extra input "Tenant" (string) is shown, with default value "common"
    * For Entra, the discovery endpoint can be constructed from the tenant. By default it should be `common`.
    * Admin should be able to change tenant.
  * When "Custom" was chosen
    * In this case the user should be able to enter the OpenID Discovery endpoint explicitly.
    * These attributes can be obtained from the discovery endpoint:
      * authorization\_endpoint
      * userinfo\_endpoint
      * token\_endpoint
      * end\_session\_endpoint
      * jwks\_uri
      * issuer
    * These attributes can't; the admin has to fill them in manually:
      * identifier
      * secret
      * display\_name
* **Edit Form**
  * _<tbd: are there immutable values once created?>_
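
The discovery step of the create form (fetch, copy the values, show an error on failure), as an added Ruby example that is not OpenProject's code; the helper names, error strings, required/optional split and the `idp.example.test` sample are assumptions. It goes slightly beyond the criteria by rejecting non-https endpoints and an issuer that does not match the discovery URL.

```ruby
require "json"
require "uri"

# Assumption: these four must be present; the other two may stay empty.
REQUIRED_FIELDS = %w[issuer authorization_endpoint token_endpoint jwks_uri].freeze
# The six discovery-backed attributes listed in the acceptance criteria.
DISCOVERY_FIELDS = (REQUIRED_FIELDS + %w[userinfo_endpoint end_session_endpoint]).freeze
WELL_KNOWN_SUFFIX = "/.well-known/openid-configuration"

def https_url?(value)
  uri = URI.parse(value.to_s)
  uri.is_a?(URI::HTTPS) && !uri.host.to_s.empty?
rescue URI::InvalidURIError
  false
end

# Hypothetical helper. `body` is the raw response received from `discovery_url`.
# Returns [values, errors]; values is empty whenever errors is not.
def form_values_from_discovery(discovery_url, body)
  return [{}, ["discovery endpoint must be an https URL"]] unless https_url?(discovery_url)

  doc = begin
    JSON.parse(body)
  rescue JSON::ParserError
    nil
  end
  return [{}, ["response is not a JSON object"]] unless doc.is_a?(Hash)

  # Copy only the known attributes; anything else in the document is ignored.
  values = DISCOVERY_FIELDS.to_h { |f| [f, doc[f]] }.compact
  errors = []
  REQUIRED_FIELDS.each { |f| errors << "#{f} is missing" unless values.key?(f) }
  values.each { |f, v| errors << "#{f} is not an https URL" unless https_url?(v) }

  # OpenID Connect Discovery: the issuer in the document must equal the URL
  # the document was retrieved from, minus the well-known suffix.
  expected = discovery_url.delete_suffix(WELL_KNOWN_SUFFIX)
  issuer_ok = !values.key?("issuer") || values["issuer"] == expected
  errors << "issuer does not match the discovery endpoint" unless issuer_ok

  errors.empty? ? [values, []] : [{}, errors]
end

# Constructed sample response; idp.example.test is a placeholder host.
SAMPLE_BODY = JSON.generate(
  "issuer" => "https://idp.example.test",
  "authorization_endpoint" => "https://idp.example.test/authorize",
  "token_endpoint" => "https://idp.example.test/token",
  "jwks_uri" => "https://idp.example.test/jwks"
)
```

Microsoft Entra's `common` tenant metadata returns a templated issuer, so the strict issuer comparison needs a provider-specific rule for that option.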