[Koha-bugs] [Bug 28420] Allow login via AzureAD OpenID-Connect

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Tue May 25 11:31:10 CEST 2021


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28420

--- Comment #7 from mark.jaroski at gmail.com ---
I think as long as we're doing pure authentication the only part of OAuth2 we'd
want to implement is the straight OpenID-Connect flow which goes like this:

1. Fetch the IDP metadata
2. Send the user to the IDP to fetch their OpenID JWT
3. Validate the JWT against the prefetched metadata

There's no reason AFAIK to continually fetch the metadata, so that can be done
asynchronously with some kind of scheduled task like a cron job.

It really is just about the simplest of OAuth2 flows, and simplicity is our
friend in security, right?

I guess the only reason to implement any other OAuth2 flow would be to work
with third-party APIs. I guess there might be some of that these days, but I
have to admit not knowing enough about Koha to know what they would be. Maybe
some kind of third-party e-book provider?


