Content
Updated by Jan Sandbrink 7 months ago
**As** an administrator setting up the OpenProject-Nextcloud integration setting up the OpenProject side
**I want to** have a second option to use OIDC based access tokens instead of OAuth2 access tokens when I also use and IDP idP like Keycloak for single sign on (SSO)
**so that** not each user needs to got through the OAuth grant flow. flow
**Acceptance criteria**
* In the files storages settings for Nextcloud, there is a new step 2 in which the admin is asked what type of integration she wants to setup
* Two-way OAuth2 authorization code flow (default)
* OpenID Connect (OIDC) via Token Exchange - Keycloak
* If the admin choses "OAuth2" then the step 3 will be "OAuth applications" with the sub-steps "OpenProject OAuth" and "Nextcloud OAuth" as we currently have them.
* If the admin choses "OIDC" then it will show information text with a link for further documentation.
* It shows a warning if there is no OIDC configured (on OpenProject's side).
* It tells that the setup was only successfully tested with Keycloak and not with other OIDC providers.
* It tells to follow the setup instructions in the docs on how to configure OIDC in OpenProject and how to configure the OIDC provider and offers a link to the correct OpenProject docs.
* The admin is required to select an OIDC provider. The admin can choose from configured OIDC providers capable provider of Token Exchange type "Keycloak" in OpenProject (dropdown).
* The admin needs to enter the OIDC client ID of Nextcloud (text input)
* The save button should be labeled as "save" (to be confirmed)
* The admin needs to be able to switch between OAuth2 and OIDC on existing file storages, to provide a migration path.
**Figma**
workPackageValue:"Figma wireframes"
**I want to** have a second option to use OIDC based access tokens instead of OAuth2 access tokens when I also use and IDP
**so that** not each user needs to got through the OAuth grant flow.
**Acceptance criteria**
* In the files storages settings for Nextcloud, there is a new step 2 in which the admin is asked what type of integration she wants to setup
* Two-way OAuth2 authorization code flow (default)
* OpenID Connect (OIDC) via Token Exchange
* If the admin choses "OAuth2" then the step 3 will be "OAuth applications" with the sub-steps "OpenProject OAuth" and "Nextcloud OAuth" as we currently have them.
* If the admin choses "OIDC" then it will show information text with a link for further documentation.
* It shows a warning if there is no OIDC configured (on OpenProject's side).
* It tells that the setup was only successfully tested with Keycloak and not with other OIDC providers.
* It tells to follow the setup instructions in the docs on how to configure OIDC in OpenProject and how to configure the OIDC provider and offers a link to the correct OpenProject docs.
* The admin is required to select an OIDC provider. The admin can choose from configured OIDC providers capable
* The admin needs to enter the OIDC client ID of Nextcloud (text input)
* The save button should be labeled as "save" (to be confirmed)
* The admin needs to be able to switch between OAuth2 and OIDC on existing file storages, to provide a migration path.
**Figma**
workPackageValue:"Figma wireframes"