[
https://issues.apache.org/jira/browse/SOLR-17845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Christos Malliaridis updated SOLR-17845:
----------------------------------------
Description:
With SOLR-17659 we have introduced basic authentication. Since Solr supports
other authentication options, we should start adding those too.
h2. Task
Add support for authenticating with OAuth 2.0 / OIDC.
h2. Acceptance Criteria
- Client ID can be configured
- Authorization Code Flow with PKCE is supported
- Redirects to the browser and back work as expected
- Tokens are refreshed when refresh_tokens are issued
- ID tokens are used for identifying the user (user identity)
h2. Additional Information
Typical OAuth flows require a redirect to the browser. If you are not familiar
with the OAuth flows, it is strongly recommended to learn those first. A good
resource for that is https://oauth.net/2/
The [documentation of Ktor|https://ktor.io/docs/client-bearer-auth.html] shows
how the flow should be implemented.
You should be aware that the desktop client, as well as the wasmJS (web)
client, will both have to retrieve and use the client ID, which will probably
not be hardcoded in the source code. The client ID is usually generated by the
OAuth server.
Additionally, for the navigation to the browser and back you will have to use
[deep
links|https://www.jetbrains.com/help/kotlin-multiplatform-dev/compose-navigation-deep-links.html].
was:
With SOLR-17659 we have introduced basic authentication. Since Solr supports
other authentication options, we should start adding those too.
h2. Task
Add support for authenticating with OAuth 2.0 / OIDC.
h2. Acceptance Criteria
- Client ID can be configured
- Authorization Code Flow with PKCE is supported
- Redirects to the browser and back work as expected
- Tokens are refreshed when refresh_tokens are issued
- ID tokens are used for identifying the user (user identity)
h2. Additional Information
Typical OAuth flows require a redirect to the browser. If you are not familiar
with the OAuth flows, it is strongly recommended to learn those first. A good
resource for that is https://oauth.net/2/
The [documentation of Ktor][https://ktor.io/docs/client-bearer-auth.html] shows
how the flow should be implemented.
You should be aware that the desktop client, as well as the wasmJS (web)
client, will both have to retrieve and use the client ID, which will probably
not be hardcoded in the source code. The client ID is usually generated by the
OAuth server.
Additionally, for the navigation to the browser and back you will have to use
[deep
links][https://www.jetbrains.com/help/kotlin-multiplatform-dev/compose-navigation-deep-links.html].
> Implement authentication with OAuth in Admin UI
> -----------------------------------------------
>
> Key: SOLR-17845
> URL: https://issues.apache.org/jira/browse/SOLR-17845
> Project: Solr
> Issue Type: New Feature
> Components: Admin UI
> Reporter: Christos Malliaridis
> Priority: Major
> Labels: advanced, new-ui, ui
>
> With SOLR-17659 we have introduced basic authentication. Since Solr supports
> other authentication options, we should start adding those too.
> h2. Task
> Add support for authenticating with OAuth 2.0 / OIDC.
> h2. Acceptance Criteria
> - Client ID can be configured
> - Authorization Code Flow with PKCE is supported
> - Redirects to the browser and back work as expected
> - Tokens are refreshed when refresh_tokens are issued
> - ID tokens are used for identifying the user (user identity)
> h2. Additional Information
> Typical OAuth flows require a redirect to the browser. If you are not
> familiar with the OAuth flows, it is strongly recommended to learn those
> first. A good resource for that is https://oauth.net/2/
> The [documentation of Ktor|https://ktor.io/docs/client-bearer-auth.html]
> shows how the flow should be implemented.
> You should be aware that the desktop client, as well as the wasmJS (web)
> client, will both have to retrieve and use the client ID, which will probably
> not be hardcoded in the source code. The client ID is usually generated by
> the OAuth server.
> Additionally, for the navigation to the browser and back you will have to use
> [deep
> links|https://www.jetbrains.com/help/kotlin-multiplatform-dev/compose-navigation-deep-links.html].
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
