Updated by Jan Sandbrink over 1 year ago
**As** an administrator
**I want the** health status feature to support storages configured for common OIDC tokens,
**so that** I understand whether the interaction between OpenProject, the IDP and Nextcloud will work.
**Acceptance criteria**
When an admin performs the connection validation / health status on a storage that's using a common OIDC provider:
* If no OIDC provider is configured on OpenProject's side or the admin is not logged in through OIDC, it shows an error
  * Including a link to docs for setting up an OIDC provider
  * Including a link to docs for specific requirements for an OIDC provider used in this scenario
* If user is logged in through OIDC, check suitability of access token for currently logged in user (usually the admin)
  * If the token is deemed usable for use in Nextcloud:
    * Show success (roughly: "IDP token is usable to access storage")
  * If the token is not deemed usable for use in Nextcloud
    * ... and if IDP offers no token exchange:
      * show error (roughly: "IDP token does not seem suitable to access storage")
    * ... and if IDP offers token exchange capability: Try to exchange token
      * if exchange succeeds: show success (roughly: "IDP token could be exchanged for token to access storage")
      * if exchange fails: show error (roughly: "Attempted token exchange failed")
* Show an _additional_ warning if OIDC provider of current user is not set up to request the offline\_access scope
  * Including a link to docs for specific requirements for an OIDC provider used in this scenario
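
The decision tree in the acceptance criteria, written out as an added Ruby sketch (not OpenProject's code). It assumes that "usable" means the access token is a JWT whose `aud` claim names the storage, that the IDP advertises token exchange through `grant_types_supported` in its metadata, and that the exchange itself is passed in as a callable; `oidc_health`, `jwt_claims`, `sample_token` and the provider hash shape are hypothetical names.

```ruby
require "base64"
require "json"

TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange" # RFC 8693

# Read JWT claims for diagnosis only (no signature check: nothing is authorized here).
def jwt_claims(token)
  payload = token.to_s.split(".")[1]
  claims = payload ? JSON.parse(Base64.urlsafe_decode64(payload)) : {}
  claims.is_a?(Hash) ? claims : {}
rescue ArgumentError, JSON::ParserError
  {} # opaque or malformed token: treated as not usable
end

# Assumptions: provider is a hash with :scope and :grant_types_supported,
# "usable" means the token's aud claim names the storage, and exchange is a
# callable that performs the exchange and returns true on success.
def oidc_health(provider:, access_token:, storage_audience:, exchange:)
  if provider.nil? || access_token.nil?
    # Message wording constructed; the page only says "it shows an error".
    return [[:error, "No OIDC provider configured or not logged in through OIDC"]]
  end

  results = []
  if Array(jwt_claims(access_token)["aud"]).include?(storage_audience)
    results << [:success, "IDP token is usable to access storage"]
  elsif !Array(provider[:grant_types_supported]).include?(TOKEN_EXCHANGE_GRANT)
    results << [:error, "IDP token does not seem suitable to access storage"]
  elsif exchange.call(access_token, storage_audience)
    results << [:success, "IDP token could be exchanged for token to access storage"]
  else
    results << [:error, "Attempted token exchange failed"]
  end

  # Additional warning, independent of the result above (wording constructed).
  unless provider[:scope].to_s.split.include?("offline_access")
    results << [:warning, "OIDC provider does not request the offline_access scope"]
  end
  results
end

# Constructed sample token: unsigned, header.payload.signature layout.
def sample_token(aud)
  body = Base64.urlsafe_encode64(JSON.generate({ "sub" => "admin", "aud" => aud }), padding: false)
  "e30.#{body}.sig"
end
```

An opaque (non-JWT) access token yields no claims here and therefore falls through to the token-exchange branch.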