https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28420
--- Comment #7 from [email protected] ---

I think as long as we're doing pure authentication the only part of OAuth2 we'd want to implement is the straight OpenID-Connect flow which goes like this:

1. Fetch the IDP metadata
2. Send the user to the IDP to fetch their OpenID JWT
3. Validate the JWT against the prefetched metadata

There's no reason AFAIK to continually fetch the metadata, so that can be done asynchronously with some kind of scheduled task like a cron job.

It really is just about the simplest of OAuth2 flows, and simplicity is our friend in security, right?

I guess the only reason to implement any other OAuth2 flow would be to work with third-party APIs. I guess there might be some of that these days, but I have to admit not knowing enough about Koha to know what they would be. Maybe some kind of third-party e-book provider?
