Updated by Jan Sandbrink over 1 year ago
**As** an administrator
**I want the** health status feature to support storages configured for common OIDC tokens, to** receive feedback on configuration errors during setup
**so that** I understand whether the interaction between OpenProject, the IDP and Nextcloud will work.
**Acceptance criteria**
When an admin performs the connection validation / health status on a storage that's using a common OIDC provider:
* If no OIDC provider is configured on OpenProject's side or the admin is not logged in through OIDC, side, it shows an error a warning
  * Including a link to docs for setting up an OIDC provider
  * Including a link to docs for specific requirements for an OIDC provider used in this scenario
* If user an OIDC provider is logged configured, show warning if provider is not set-up to request the offline\_access scope
* Including a link to docs for specific requirements for an OIDC provider used in through OIDC, this scenario
* Once a Nextcloud client ID has been entered, check suitability of access token for currently logged in user (usually the admin)
  * If the token is deemed usable for use in Nextcloud:
    * Show success (roughly: "IDP token is usable to access storage")
  * If the token is not deemed usable for use in Nextcloud
    * ... and if IDP offers no token exchange:
      * show error (roughly: "IDP token does not seem suitable to access storage")
    * ... and if IDP offers token exchange capability: Try to exchange token
      * if exchange succeeds: show success (roughly: "IDP token could be exchanged for token to access storage")
      * if exchange fails: show error (roughly: "Attempted token exchange failed")
  * Show an _additional_ warning if OIDC provider of current user is not set-up to request the offline\_access scope
    * Including a link to docs for specific requirements for an OIDC provider used in this scenario
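
The token branch of these criteria written out as a decision function. This is an added illustration, not OpenProject's implementation. It assumes that "usable" means the token's `aud` claim contains the Nextcloud client ID, that token exchange capability is read from `grant_types_supported` in the IDP's discovery metadata, and that `offline_access` appears in the token's `scope` claim; `check_idp_token`, `jwt_claims`, `constructed_token` and the `exchange` callable are hypothetical names.

```ruby
require "base64"
require "json"

# RFC 8693 grant type; looking for it in discovery metadata is an assumption.
TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"

# Read JWT claims without verifying the signature (inspection only).
# Opaque or malformed tokens yield no claims.
def jwt_claims(token)
  payload = token.to_s.split(".")[1]
  return {} if payload.nil?
  claims = JSON.parse(Base64.urlsafe_decode64(payload))
  claims.is_a?(Hash) ? claims : {}
rescue ArgumentError, JSON::ParserError
  {}
end

# Returns [[level, message], ...]. `exchange` is a hypothetical callable that
# performs the token exchange and returns true on success.
def check_idp_token(token, nextcloud_client_id:, idp_metadata:, exchange: nil)
  claims = jwt_claims(token)
  grants = Array(idp_metadata["grant_types_supported"])
  results = []
  results <<
    if Array(claims["aud"]).include?(nextcloud_client_id) # assumed "usable" test
      [:success, "IDP token is usable to access storage"]
    elsif !grants.include?(TOKEN_EXCHANGE_GRANT)
      [:error, "IDP token does not seem suitable to access storage"]
    elsif exchange&.call(token, nextcloud_client_id)
      [:success, "IDP token could be exchanged for token to access storage"]
    else
      [:error, "Attempted token exchange failed"]
    end
  # Assumption: offline_access shows up in the token's space-separated scope claim.
  unless claims["scope"].to_s.split.include?("offline_access")
    results << [:warning, "OIDC provider does not request the offline_access scope"]
  end
  results
end

# Constructed, unsigned sample token for the demonstration.
def constructed_token(claims)
  seg = ->(h) { Base64.urlsafe_encode64(JSON.generate(h), padding: false) }
  "#{seg.call({ 'alg' => 'none' })}.#{seg.call(claims)}."
end

token = constructed_token("aud" => "openproject", "scope" => "openid")
check_idp_token(token, nextcloud_client_id: "nextcloud", idp_metadata: {})
  .each { |level, message| puts "#{level}: #{message}" }
```

The function only inspects claims to produce a verdict for the admin; validating the token's signature stays with the service that consumes it.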