Caution
This repository is still at the proof-of-concept stage and should definitely not be used in a production setting
This aims to be a SCIM (v2) client, currently targeting Firebase Authentication w/ Google Identity Platform (intention to eventually support multiple targets via an adapter pattern).
It makes use of code generation using https://openapi-code-generator.nahkies.co.nz to generate the server routing and validation glue from the ./openapi.yaml (yarn generate will regenerate after changes to the openapi spec).
I couldn't find a complete openapi specification for SCIM v2, so it's cobbled together from a combination of translating the RAML definition found at https://github.com/sudobinbash/okta-scim-mulesoft and adjusting by hand w.r.t RFC 7643 and trial/error testing the integration using Keycloak with this plugin https://github.com/mitodl/keycloak-scim/.
It's definitely still inaccurate, and help solidifying it would be appreciated.
Not much, but starting to improve. You can create / delete users E2E, and update them.
An in-memory groups implementation partially works.
You'll need:
- A GCP / Firebase auth project using Google Identity platform
- To configure an OIDC provider as an authentication method
- To configure your OIDC provider to use SCIM with this project as the SCIM client.
- Run in a context that is authenticated with GCP using application default credentials
- Clone
- Install dependencies: yarn
- Configure (cp .env.example .env and edit, see below)
- Run: yarn dev
Configuration reference:
PORT=2000 # port to listen on
SECRET_KEY=some-secret-key # the content of the Bearer token, shared secret between OIDC provider and SCIM client
PROJECT_ID=gcp-project-id # the GCP/Firebase project id
PROVIDER_ID=auth-provider-id # the Firebase authentication method id, eg: oidc.my-okta-integration
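Because SECRET_KEY is the whole Bearer token, it is worth refusing to start with the sample value and comparing the token in constant time. The sketch below is an added example, not code from this repository: the function names loadConfig and isAuthorized and the 32-character minimum are assumptions made for illustration.

```javascript
// Added example, not code from this repository.
const { createHash, timingSafeEqual } = require("node:crypto");

// Values that must never be accepted as a real secret (the sample value above).
const PLACEHOLDER_SECRETS = new Set(["some-secret-key"]);
const MIN_SECRET_LENGTH = 32; // assumption: minimum length chosen for this example

// Read and validate the four variables from the configuration reference.
function loadConfig(env) {
  const required = ["PORT", "SECRET_KEY", "PROJECT_ID", "PROVIDER_ID"];
  const missing = required.filter((key) => !env[key]);
  if (missing.length > 0) {
    throw new Error(`missing configuration: ${missing.join(", ")}`);
  }
  const port = Number(env.PORT);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error("PORT must be an integer between 1 and 65535");
  }
  const secretKey = env.SECRET_KEY;
  if (PLACEHOLDER_SECRETS.has(secretKey) || secretKey.length < MIN_SECRET_LENGTH) {
    throw new Error("SECRET_KEY is a placeholder or too short");
  }
  return { port, secretKey, projectId: env.PROJECT_ID, providerId: env.PROVIDER_ID };
}

// Hash to a fixed length so timingSafeEqual never receives buffers of
// different sizes (it throws in that case) and token length is not leaked.
const digest = (value) => createHash("sha256").update(value, "utf8").digest();

// True only when the Authorization header is exactly "Bearer <SECRET_KEY>".
function isAuthorized(authorizationHeader, secretKey) {
  if (typeof authorizationHeader !== "string") return false;
  const match = /^Bearer (\S+)$/i.exec(authorizationHeader);
  if (!match) return false;
  return timingSafeEqual(digest(match[1]), digest(secretKey));
}
```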