Content
View differences
Updated by Jan Sandbrink over 1 year ago
**As** an administrator setting up the OpenProject-Nextcloud integration setting up the OpenProject side
**I want to** have a second option to use OIDC based access tokens instead of OAuth2 access tokens when I also use and IDP like Keycloak for single sign on (SSO)
**so that** not each user needs to got through the OAuth grant flow.
**Acceptance criteria**
* In the files storages settings for Nextcloud, the first form is extended with a select box "Authentication method" with the options
* "Two-way OAuth2 authorization code flow" (default)
* "Common OpenID Connect Identity Provider"
* If the admin chooses "OAuth2" then step 2 will be "OAuth applications" with the sub-steps "OpenProject OAuth" and "Nextcloud OAuth" as we currently have them
* If the admin chooses "OIDC" then step 2 will be a new form "OpenID Connect"
* The admin must enter the OIDC client ID of Nextcloud (text input)
* The save button should be labeled as "Save & continue" (leading to the existing step 3 "Project folders")
**Figma**
workPackageValue:"Figma wireframes"
**QA Notes**
The followup features ##61532 and ##61623 already change the UI implemented here. The former adds a third option for the authentication method, but should otherwise not harm testability. The latter changes the UI to configure the Client ID of Nextcloud and adds some additional radio buttons there.
**Out of scope**
##61839
**I want to** have a second option to use OIDC based access tokens instead of OAuth2 access tokens when I also use and IDP like Keycloak for single sign on (SSO)
**so that** not each user needs to got through the OAuth grant flow.
**Acceptance criteria**
* In the files storages settings for Nextcloud, the first form is extended with a select box "Authentication method" with the options
* "Two-way OAuth2 authorization code flow" (default)
* "Common OpenID Connect Identity Provider"
* If the admin chooses "OAuth2" then step 2 will be "OAuth applications" with the sub-steps "OpenProject OAuth" and "Nextcloud OAuth" as we currently have them
* If the admin chooses "OIDC" then step 2 will be a new form "OpenID Connect"
* The admin must enter the OIDC client ID of Nextcloud (text input)
* The save button should be labeled as "Save & continue" (leading to the existing step 3 "Project folders")
**Figma**
workPackageValue:"Figma wireframes"
**QA Notes**
The followup features ##61532 and ##61623 already change the UI implemented here. The former adds a third option for the authentication method, but should otherwise not harm testability. The latter changes the UI to configure the Client ID of Nextcloud and adds some additional radio buttons there.
**Out of scope**
##61839