Updated by Jan Sandbrink about 1 year ago
**As** an administrator
**I want to** be able to accept JWTs issued in a client credentials flow,
**so that** SCIM requests can be authenticated without configuring additional secrets.
**Acceptance criteria**
* JSON Web Tokens issued to another client can be processed
* Instead of authenticating an OpenProject user they should authenticate a service account
* The service account is associated to a SCIM-Client
**Technical notes**
* It probably makes sense to understand and think about the general concepts involved in authentication
* The service account should probably inherit from principal
**QA notes**
* This is not independently testable
* It will probably become sufficiently testable once we have a UI to set up SCIM clients (see #62516)
* Alternatively we can try to prepare/hack something on QA and then you can try to break what we hacked together