
✨(oidc) people as an identity provider #638

Draft · wants to merge 7 commits into main

Conversation

@qbey (Member) commented Jan 14, 2025

Purpose

We want the people user database to also be an Identity Provider.

Ref:

Proposal

This is the very first step toward this goal:

  • Allow people to act like an OIDC Identity Provider
  • Add a login page to allow login through email/password
  • Provide a local testing environment
  • Fix validator (and keycloak setup) to return given_name and usual_name instead of name for ProConnect => Split full name in the user model :(
  • Add a check on acr to refuse higher level than eidas1 when requested by ProConnect (comes from the SP)
  • Use the login_hint for the login page (and don't allow email field edition?)
  • Do not login the user on people if the OIDC authentication loop fails (aka do not create a session when login from the frontend login page)
  • Add backend tests
  • Request help to clean the frontend part ^^
  • Add frontend tests
  • Add E2E tests
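Two of the items in the proposal above, the `acr` check and the `given_name`/`usual_name` split with a generated `name`, written as a stand-alone Python example. This is added illustration, not code from the people project or from this PR: the level ordering `eidas1 < eidas2 < eidas3`, the claim names and the `LocalUser` shape are assumptions made for the example.

```python
"""Added example (not the people project's code).

Assumptions: ProConnect requests assurance levels as the eIDAS strings
"eidas1" < "eidas2" < "eidas3" in `acr_values`; a password login can only
attest "eidas1"; user records store first and last name separately and the
legacy "name" field is generated from them.
"""
from dataclasses import dataclass
from typing import Optional

# Ordered assurance levels, lowest first (assumption for this example).
EIDAS_LEVELS = ("eidas1", "eidas2", "eidas3")
# The strongest level a password-only IdP can honestly assert.
MAX_SUPPORTED_ACR = "eidas1"


def select_acr(acr_values: Optional[str]) -> Optional[str]:
    """Pick the ACR the IdP will assert for an authorization request.

    `acr_values` is the space-separated, preference-ordered list sent by the
    SP. Returns the first requested level the IdP can provide, or None when
    every requested level is above what it can attest (the request must then
    be refused rather than silently downgraded). Unknown values are refused.
    """
    if not acr_values:
        return MAX_SUPPORTED_ACR
    max_index = EIDAS_LEVELS.index(MAX_SUPPORTED_ACR)
    for value in acr_values.split():
        if value not in EIDAS_LEVELS:
            return None  # unknown level: do not guess what the SP meant
        if EIDAS_LEVELS.index(value) <= max_index:
            return value
    return None


@dataclass
class LocalUser:
    """Minimal local user for the example (hypothetical shape)."""

    sub: str  # stable opaque identifier exposed as the OIDC subject
    email: str
    first_name: str
    last_name: str

    @property
    def name(self) -> str:
        # Generated field so code that only knows "name" keeps working.
        return f"{self.first_name} {self.last_name}".strip()


def build_claims(user: LocalUser, acr: str) -> dict:
    """Claims returned to the SP once `select_acr` accepted the request.

    given_name / usual_name are sent separately, as the proposal requires,
    and the asserted level is echoed back so the SP can verify it.
    """
    return {
        "sub": user.sub,
        "email": user.email,
        "given_name": user.first_name,
        "usual_name": user.last_name,
        "name": user.name,
        "acr": acr,
    }


if __name__ == "__main__":
    # Constructed sample request and user, not real data.
    requested = "eidas2 eidas1"
    acr = select_acr(requested)
    if acr is None:
        print("refused: requested assurance level not supported")
    else:
        user = LocalUser("u-0001", "jane@example.org", "Jane", "Doe")
        print(build_claims(user, acr))
```

The selector returns `None` rather than raising so the calling view can decide how to render the refusal; a request asking only for `eidas2` or `eidas3` is refused outright, while a preference list that also contains `eidas1` is served at that level.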

@qbey qbey self-assigned this Jan 14, 2025
@qbey qbey added frontend Relative to the frontend backend feature labels Jan 14, 2025
@qbey qbey force-pushed the qbey/people-as-identity-provider branch 2 times, most recently from 799ef24 to 3a2f5a4 Compare January 14, 2025 15:13
@qbey qbey force-pushed the qbey/people-as-identity-provider branch 6 times, most recently from 254f735 to 8bf6095 Compare February 6, 2025 12:23
qbey added 3 commits February 6, 2025 14:01

I know, in 2025 we should not consider first name and last name but
to allow using the project as an identity provider, we need to send
those data.
For code preservation, we keep the "name" field as a generated field
so the code continues to consider only a "name".

This allows using `people` as an identity provider using
OIDC and local users.
This commit is partial, because it does not manage a way to
create "local" users and the login page is the admin one, which
can't be used for non-staff users or login with email.

This configures the local environment to test login through people:
- Keycloak configuration of the IdP (people)
- Add Keycloak Application in people

The only user who can login for now is "admin".
@qbey qbey force-pushed the qbey/people-as-identity-provider branch from 8bf6095 to f1f2bf4 Compare February 6, 2025 13:01
qbey added 4 commits February 6, 2025 16:56

To have a better user experience, we want the login page
to be in the frontend.

Allow access to the `/o` URLs related to the OIDC authentication
when using people as an identity provider.

A few fixes to allow the keycloak dev stack to use people
as an Identity Provider.
This requires the update of the bitnami keycloak chart we
use.

This is making too much noise when developing using the tilt stack...
@qbey qbey force-pushed the qbey/people-as-identity-provider branch from f1f2bf4 to a065570 Compare February 6, 2025 15:56