Stwissel opened a new pull request, #1465:
URL: https://github.com/apache/couchdb-fauxton/pull/1465

   ## Overview
   
   **Preliminary pull request - not ready for merge yet. To collect feedback.**
   
   This PR adds support for OIDC / JWT authentication by adding a button to the 
login screen and a screen to log in using IdP parameters.
   
   <img width="523" alt="Screenshot 2024-10-23 at 21 39 56" src="https://github.com/user-attachments/assets/df97f5e8-19c0-49f4-aed2-4edc9b71cb18">
   
   The (WIP) IdP authentication screen looks like this:
   
   <img width="915" alt="Screenshot 2024-10-23 at 21 40 48" src="https://github.com/user-attachments/assets/00409972-a44f-4e64-bc8f-d0a79f8fb153">
   
   Ideally I would read the parameters from the server, so the experience would 
be similar to Cloudant, some advice needed.
   
   
   ## Changes
   
   - Added a button: Login with IdP
   - Added a form to capture IdP info and store in session store
   - Added code to obtain authorization code, access token & refresh token
   - Added code to spin up CouchDB & Keycloak containers including documentation
   - Added IdP.md to document
   - modified ajax.js to add authorization header if token is still valid
   - added code to use refresh token to obtain new access token
   
   ## Testing recommendations
   
   - Follow the steps in [idp.md](idp.md).
   - There's a shell script (macOS/Linux only) that configures containers so 
CouchDB recognizes the Keycloak public key.
   
   ## Open questions / feedback
   
   - How to optimize user flow? (e.g. let the IdP URL point to .well-known?)
   - What should be tested
   - should the config dialog be hidden once set?
   - should the code changes be less sprinkled over?
   - currently the IdP login is its own page, should it be merged and show/hide 
with login page
   - more impressions/suggestions
   
   ## GitHub issue number
   
   Fixes #1457
   
   ## Checklist
   
   - [X] Code is written and works correctly;
   - [ ] Changes are covered by tests;
   - [X] Documentation reflects the changes;
   - [ ] Update 
[rebar.config.script](https://github.com/apache/couchdb/blob/main/rebar.config.script)
 with the correct tag once a new Fauxton release is made
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@couchdb.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
