Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

External OAuth provider compatibility #82

Open
pohlm01 opened this issue Nov 18, 2024 · 0 comments
Open

External OAuth provider compatibility #82

pohlm01 opened this issue Nov 18, 2024 · 0 comments

Comments

@pohlm01
Copy link
Member

pohlm01 commented Nov 18, 2024

#77 added support for an external OAuth provider. At the moment, we require the external provider to send the roles in our proprietary roles format, see example below.

{
  "exp": 1734525218,
  "nbf": 1731933218,
  "sub": "ven_client",
  "roles": [
    {
      "role": "VEN",
      "id": "ven-1"
    },
    {
      "role": "VenManager"
    }
  ]
}

For this issue, we have to investigate how the OpenADR specification defines the existing roles, and should probably introduce a compatibility layer in the authentication procedure of the VTN. For example, if a user has the OpenADR roles read_all, write_programs, and write_events, we would probably need to map this to the AnyBusinessUser in our internal authentication mechanism.

Additionally, we should document how our authentication system works and how to make use of the fine-grained access control that we support with our internal roles.
@pohlm01 pohlm01 moved this to Todo in OpenADR 3.0 Plan Nov 18, 2024
@pohlm01 pohlm01 changed the title External OpenAPI provider compatibility External OAuth provider compatibility Nov 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
OpenADR 3.0 Plan
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pohlm01