Content
View differences
Updated by Dominic Bräunlein over 1 year ago
**As** an administrator setting up the OpenProject-Nextcloud integration setting up the Nextcloud side
**I want to** have a second option to use OIDC based access tokens instead of OAuth2 access tokens when I also use and idP like Keycloak for single sign on (SSO)
**so that** not each user needs to got through the OAuth grant flow
**Acceptance criteria**
* Step 1
* stays the same
* Step 2
* In the app's settings, there is a new step 2 ("Authentication method") in which the admin is asked what type of integration she wants to setup
* "OAuth2 two-way authorization code flow"
* default value
* "OpenID identity provider"
* When User OIDC app is not installed
* This option Is deactivated
* A info with the link to the User OIDC app is shown underneath
* The admin saves the selection with a "Save"-button
* Step 3 and onwards
* If the admin choses "OAuth2"
* then the next steps will be the current Steps 2 and onwards.
* If the admin choses "OIDC"
* then it will show "Authentication settings"
* information text with a link for further documentation.
* It shows a warning if the app "user\_oidc" is not installed.
* It tells that the setup was only successfully tested with Keycloak and not with other OIDC providers.
* It tells to follow the setup instructions in the docs on how to configure "user\_oidc" and the OIDC provider and offers a link to the correct OpenProject docs.
* The admin is required to select an OIDC provider. The admin can choose from configured OIDC provider in Nextcloud (dropdown).
* The admin needs to enter the OIDC client ID of OpenProject (text input)
* The admin needs to be able to switch between OAuth2 and OIDC on existing configurations, to provide a migration path.
**Figma**
workPackageValue:"Figma wireframes"
**I want to** have a second option to use OIDC based access tokens instead of OAuth2 access tokens when I also use and idP like Keycloak for single sign on (SSO)
**so that** not each user needs to got through the OAuth grant flow
**Acceptance criteria**
* Step 1
* stays the same
* Step 2
* In the app's settings, there is a new step 2 ("Authentication method") in which the admin is asked what type of integration she wants to setup
* "OAuth2 two-way authorization code flow"
* default value
* "OpenID identity provider"
* When User OIDC app is not installed
* This option Is deactivated
* A info with the link to the User OIDC app is shown underneath
* The admin saves the selection with a "Save"-button
* Step 3 and onwards
* If the admin choses "OAuth2"
* then the next steps will be the current Steps 2 and onwards.
* then it will show "Authentication settings"
* information text with a link for further documentation.
workPackageValue:"Figma wireframes"