Updated by Jan Sandbrink 4 days ago
**As** an administrator setting up the OpenProject side of the OpenProject-Nextcloud integration
**I want to** have a second option to use OIDC-based access tokens instead of OAuth2 access tokens when I also use an IdP like Keycloak for single sign-on (SSO)
**so that** not every user needs to go through the OAuth grant flow.
**Acceptance criteria**
* In the file storages settings for Nextcloud, the first form is extended with a select box "Authentication method" with the options:
  * "Two-way OAuth2 authorization code flow" (default)
  * "Common OpenID Connect Identity Provider"
* If the admin chooses "OAuth2", then step 2 will be "OAuth applications" with the sub-steps "OpenProject OAuth" and "Nextcloud OAuth" as we currently have them.
* If the admin chooses "OIDC", then step 2 will be a new form "OpenID Connect":
  * It states that the setup has only been successfully tested with Keycloak and not with other OIDC providers.
  * It tells the admin to follow the setup instructions in the docs on how to configure OIDC in OpenProject and how to configure the OIDC provider, and offers a link to the correct OpenProject docs.
  * (?) The admin is required to select an OIDC provider (dropdown).
  * The admin must enter the OIDC client ID of Nextcloud (text input).
  * The save button should be labeled "Save & continue" (leading to the existing step 3 "Project folders").
* The admin needs to be able to switch between OAuth2 and OIDC on existing file storages, to provide a migration path.
**Figma**
Work package attribute: "Figma wireframes"