Commit
[WFLY-16532] elytron-oidc-client: add ability to configure additional…
… scope for authentication request
1 parent
0b96497
commit 1f68579
elytron/WFLY-16532-additional-scope-for-auth-request.adoc
@@ -0,0 +1,129 @@ | ||
== Adding the ability to configure additional scope for authentication request | ||
:author: Prarthona Paul | ||
:email: prpaul@redhat.com | ||
:toc: left | ||
:icons: font | ||
:idprefix: | ||
:idseparator: - | ||
|
||
== Overview | ||
|
||
OpenID Connect is an authentication mechanism that builds on OAuth 2.0 | ||
and allows a user to login to a web application using credentials established | ||
by an OpenID provider. | ||
Currently, when sending an authentication request to the OpenID provider, one | ||
of the required parameters with the authentication flow is "scope". However, for | ||
now, that value is hardcoded as just "openid". | ||
|
||
The specifications indicate that there are other scope values which may be included in | ||
the authentication request. This new feature adds the ability to configure the `scope` attribute | ||
of the `elytron-oidc-client` subsystem, so that those additional parameters can be specified when | ||
configuring the server. | ||
|
||
The feature will allow the user to configure the server in two ways: | ||
|
||
* In an application's oidc.json file | ||
|
||
* in the elytron-oidc-client subsystem configuration in the secure-deployment resource | ||
|
||
== Issue Metadata | ||
|
||
=== Issue | ||
|
||
* https://issues.redhat.com/browse/WFLY-16532[WFLY-16532] | ||
|
||
=== Related Issues | ||
|
||
* N/A | ||
|
||
=== Dev Contacts | ||
|
||
* mailto:{email}[{author}] | ||
|
||
=== QE Contacts | ||
|
||
* TBD | ||
|
||
=== Testing By | ||
// Put an x in the relevant field to indicate if testing will be done by Engineering or QE. | ||
// Discuss with QE during the Kickoff state to decide this | ||
* [ ] Engineering | ||
|
||
* [ ] QE | ||
|
||
* TBD | ||
|
||
=== Affected Projects or Components | ||
|
||
* WildFly | ||
|
||
* WildFly-elytron | ||
|
||
=== Other Interested Projects | ||
|
||
N/A | ||
|
||
=== Relevant Installation Types | ||
|
||
* [x] Traditional standalone server (unzipped or provisioned by Galleon) | ||
|
||
* [x] Managed domain | ||
|
||
* [x] OpenShift s2i | ||
|
||
* [x] Bootable jar | ||
|
||
== Requirements | ||
|
||
=== Hard Requirements | ||
|
||
* A new `scope` resource added to the `elytron-oidc-client` subsystem, which will be used | ||
to configure the scope attribute of the oidc client. | ||
|
||
* It must be possible to configure this attribute using the following command: | ||
|
||
``` | ||
/subsystem=elytron-oidc-client=my-oidc-client:write-attribute(name=scope, value=openid) | ||
``` | ||
|
||
* It must also be configured using the `oidc.json` file as follows: | ||
``` | ||
"scope" : "<clinet id>%20offline_access%20openid" | ||
``` | ||
|
||
=== Nice-to-Have Requirements | ||
|
||
N/A | ||
|
||
=== Non-Requirements | ||
|
||
N/A | ||
|
||
=== Backwards Compatibility | ||
|
||
N/A | ||
|
||
=== Default Configuration | ||
|
||
The `scope` attribute would be undefined by default and in that case, the scope | ||
would be hardcoded as `scope=openid` as before. | ||
|
||
//commenting these out for now. Will delete if we dont need it. | ||
// === Importing Existing Configuration | ||
|
||
// === Deployments | ||
|
||
// === Interoperability | ||
|
||
// === Security Considerations | ||
|
||
== Test Plan | ||
|
||
* Wildfly Elytron test suit: Test cases implemented for functionality. | ||
|
||
* WildFly test suite: Ensuring the correct scope if chosen and used when the `scope` attribute is | ||
changed. | ||
|
||
== Community Documentation | ||
|
||
Documentation will be added to https://github.com/wildfly/wildfly/blob/main/docs/src/main/asciidoc/_elytron/Keycloak_Integration.adoc[Elytron's Keycloak Integration Documentation]. |
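Review bot: the CLI example under Hard Requirements (`/subsystem=elytron-oidc-client=my-oidc-client:write-attribute(name=scope, value=openid)`) does not address the `secure-deployment` resource that the Overview says will carry the attribute; `elytron-oidc-client=my-oidc-client` is not a valid resource address, so the path should name the `secure-deployment` child (or the document should say which resource the attribute actually lives on). In the same section the first bullet calls `scope` a "new resource" while everything else treats it as an attribute; please pick one. The `oidc.json` sample `"scope" : "<clinet id>%20offline_access%20openid"` has a typo in the placeholder and pre-encodes the separators as `%20`; OIDC Core defines `scope` as a space-delimited list and the client encodes the query string when it builds the authentication request, so state whether the configured value is raw (space-separated) or already percent-encoded, otherwise double-encoding is likely. Since the feature lets a deployment request scopes such as `offline_access`, which asks the provider for a refresh token usable when the user is not present, the commented-out `=== Security Considerations` section should be filled in rather than dropped: at minimum that `openid` must always remain in the requested scope and how a malformed or unexpected configured value is handled. Minor: "test suit" in the Test Plan should read "test suite".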