[
https://issues.apache.org/jira/browse/FINERACT-1261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17378395#comment-17378395
]
Aleksandar Vidakovic commented on FINERACT-1261:
------------------------------------------------
Intending to add support for Auth0 and Keykloak. FYI.
> support for external Oauth provider
> ------------------------------------
>
> Key: FINERACT-1261
> URL: https://issues.apache.org/jira/browse/FINERACT-1261
> Project: Apache Fineract
> Issue Type: Improvement
> Components: Security
> Affects Versions: 1.4.0
> Reporter: Vincent FUCHS
> Assignee: Aleksandar Vidakovic
> Priority: Major
> Fix For: 1.6.0
>
>
> Hi,
>
> I was looking at the couple of tickets open around OAuth2 support, mostly
> https://issues.apache.org/jira/browse/FINERACT-1142 (and its related issues)
> and https://issues.apache.org/jira/browse/FINERACT-1012 , and from what I
> understand, we currently have no way to configure an external OAuth provider.
> Is that correct ?
>
> A typical Oauth flow is to authenticate against a standard provider, using
> the provider login page and get an OAuth token and be redirected, then use
> that token in all the requests. The security layer then checks the token
> validity for all incoming requests.
>
> Spring has fairly standard support for this :
> [https://spring.io/guides/tutorials/spring-boot-oauth2/]
>
> Is it something that works but is not documented ? or is it sure that it
> doesn't currently work ?
> (I would assume that once https://issues.apache.org/jira/browse/FINERACT-1012
> is completed, it will just be a matter of providing the right Spring
> properties values)
>
> Thanks
>
> --
> Vincent
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
