Updated by Dominic Bräunlein over 1 year ago
**As** an OpenProject admin
**I want to** be able to configure an OpenID provider using a user interface
**so that** I don't have to use a command line and can see potential errors more easily.
**Acceptance criteria**
* **Navigation**
* OpenID provider configurations are accessible under Administration -> Authentication -> OIDC OpenID providers
* **Index page**
* When no OIDC providers are set up, show a BlankSlate
* When OIDC providers are set up, show all complete and incomplete OIDC providers
* Show name, type, users, "created by" and "created on"
* When a provider is incomplete show the "incomplete" tag
* **Add Button**
* The admin can add a new "OpenID provider" by clicking on the "Add OpenID provider" button
* This "Add OpenID provider" button is a drop down like for adding a storage
* The dropdown shows the following options
* Google
* Microsoft Entra
* Custom
* **Create form**
* Overview
* All sections are editable
* Following attributes need to be filled out by the admin in the OpenID providers creation form
* Basic details
* Manually input by the admin
* Name, required and needs to identifier (string)
* secret (string)
* display\_name (string)
* Limit self registration (boolean)
* Can be filled by discovery endpoint or can also be filled manually by the admin
* authorization\_endpoint
* userinfo\_endpoint
* token\_endpoint
* end\_session\_endpoint
* jwks\_uri
* issuer
* Automatic: the configuration form supports an input field, "OpenID discovery endpoint"
* The user should be able to optionally use a Discovery endpoint
* After entering the URL, the form will fetch data from the OpenID Discovery endpoint
* After getting a successful response the form copies the fetched values into the form (see attributes above)
* After an unsuccessful response show an error message
* This endpoint will fill the inputs in the next section (Advanced configuration)
* Advanced configuration
* Show an info box when the information was supplied through automatic configuration
* The inputs are editable
* All inputs
* authorization\_endpoint
* userinfo\_endpoint
* token\_endpoint
* end\_session\_endpoint
* jwks\_uri
* issuer
* Client Details
* Admin needs to fill "Client ID" and "Client Secret"
* "Limit self-registration" is optional
* When "Google" was chosen
* The Google discovery endpoint is already known. Therefore the UX should be simplified.
* Automatic and Advanced configuration sections: OpenID Discovery endpoint input is not shown
* Inputs for values that can be fetched by the discovery are not shown
* When "Entra" was chosen
* An extra input called "Tenant" (string - default value "common") is shown in "Basic details"
* Entra discovery endpoint can be constructed from tenant. By default it should be `common`.
* Admin should be able to change tenant.
* When "Custom" was chosen
* In this case the user should be able to enter the OpenID Discovery endpoint explicitly.
* **Edit Form**
* _<tbd: are there immutable values once created?>_
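
One way the "fetch, then copy into the form or show an error" criteria could be checked, treating the discovery response as untrusted input. This is an added example, not OpenProject code; the method name, the choice of mandatory fields, the error strings and the `idp.example.test` sample are assumptions.

```ruby
require "json"
require "uri"

# The six form attributes the ticket says discovery can fill.
DISCOVERY_FIELDS = %w[authorization_endpoint userinfo_endpoint token_endpoint
                      end_session_endpoint jwks_uri issuer].freeze
# Assumption: the form treats these four as mandatory.
REQUIRED_FIELDS = %w[issuer authorization_endpoint token_endpoint jwks_uri].freeze
WELL_KNOWN = "/.well-known/openid-configuration"

# Returns [attributes, errors]; attributes are empty whenever errors is not,
# so a rejected response never half-fills the form.
def attributes_from_discovery(discovery_url, body)
  doc = JSON.parse(body)
  return [{}, ["response is not a JSON object"]] unless doc.is_a?(Hash)

  attrs = doc.slice(*DISCOVERY_FIELDS)
  errors = REQUIRED_FIELDS.reject { |f| attrs[f].is_a?(String) && !attrs[f].empty? }
                          .map { |f| "#{f} is missing" }
  attrs.each do |field, value|
    uri = URI.parse(value.to_s) rescue nil
    errors << "#{field} must be an https URL" unless uri.is_a?(URI::HTTPS) && uri.host
  end
  # OpenID Connect Discovery 1.0: the issuer (minus any trailing slash) plus the
  # well-known suffix must be the URL the document was fetched from.
  expected = discovery_url.delete_suffix(WELL_KNOWN)
  if attrs["issuer"].is_a?(String) && attrs["issuer"].chomp("/") != expected
    errors << "issuer does not match the discovery URL"
  end
  errors.empty? ? [attrs, []] : [{}, errors]
rescue JSON::ParserError
  [{}, ["response is not valid JSON"]]
end

# Constructed sample response (idp.example.test is a placeholder host).
SAMPLE_URL = "https://idp.example.test/realms/demo/.well-known/openid-configuration"
SAMPLE_BODY = JSON.generate(
  "issuer" => "https://idp.example.test/realms/demo",
  "authorization_endpoint" => "https://idp.example.test/realms/demo/auth",
  "token_endpoint" => "https://idp.example.test/realms/demo/token",
  "userinfo_endpoint" => "https://idp.example.test/realms/demo/userinfo",
  "end_session_endpoint" => "https://idp.example.test/realms/demo/logout",
  "jwks_uri" => "https://idp.example.test/realms/demo/certs",
  "scopes_supported" => %w[openid email]
)

attrs, errors = attributes_from_discovery(SAMPLE_URL, SAMPLE_BODY)
puts errors.empty? ? attrs : errors
```

The issuer comparison is what stops a discovery document served from one host from filling the form with another issuer's identity; endpoints edited by hand in "Advanced configuration" bypass this check and would need the same https validation on save.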