data-api-builder
Additional Authentication Providers
Summary
Increase the number of Authentication providers supported
Motivation
Right now, only EasyAuth and Azure AD are supported. Common authentication providers like Auth0 and in general support for any provider compatible with the OAuth2 protocol should be provided. This would also enable on-prem users to use custom or third party OAuth2 providers they trust.
Functional Specifications
Using the `jwt` section in the configuration file it will be possible to specify, like already implemented,
- `issuer` that will be used to validate the token received
- `audience` that will be used to determine the used/required scope

There will be also the ability to specify where the role claims can be found using a dedicated option
- `roles.path` will allow to specify JSON path where roles are in the received JWT token.

For example, for an Azure AD token the `roles.path` would be `roles`
Prior Work
A discussion around the topic was started in #719
We should also integrate with https://learn.microsoft.com/en-us/azure/active-directory-b2c/overview, in case it is not already working.
@yorek, to clarify, this ask is for non-hosted scenario, yes? EasyAuth allows configuring generic OpenID Connect providers which should include the providers that you mention.
Update -> Ah, I see this clarified in the description. This is for on-prem scenarios.
Hi @yorek @seantleonard, what is the status of Bring your own IDP, i.e. using a generic OIDC provider?
Closing in favor of other issues that are more specific to enable use cases.
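
An added sketch of the `issuer` / `audience` / `roles.path` checks proposed in the issue description, not code from data-api-builder. It assumes a dot-separated path syntax, a flat config dictionary, claims from a token whose signature has already been verified, and constructed sample claims; all function names are hypothetical.

```python
# Added example: resolves a roles.path against the claims of an ALREADY
# VERIFIED JWT. Signature and expiry checks must happen before this step.

def resolve_roles(claims, roles_path):
    """Return the set of role names found at roles_path, or an empty set."""
    # A claim name can itself contain dots (e.g. a URL-namespaced claim),
    # so try the whole path as a literal top-level key before splitting.
    if roles_path in claims:
        node = claims[roles_path]
    else:
        node = claims
        for segment in roles_path.split("."):
            if not isinstance(node, dict) or segment not in node:
                return set()          # path missing: no roles, fail closed
            node = node[segment]
    if isinstance(node, str):
        node = [node]                 # single role issued as a bare string
    if not isinstance(node, list):
        return set()                  # unexpected shape: fail closed
    # Keep only non-empty strings; ignore numbers, objects and nulls.
    return {r for r in node if isinstance(r, str) and r}


def authorize(claims, cfg, required_role):
    """Check issuer, audience and role membership for verified claims."""
    if claims.get("iss") != cfg["issuer"]:
        return False
    aud = claims.get("aud")           # "aud" may be a string or a list
    audiences = aud if isinstance(aud, list) else [aud]
    if cfg["audience"] not in audiences:
        return False
    return required_role in resolve_roles(claims, cfg["roles.path"])


# Constructed sample data (not taken from the issue).
CFG = {"issuer": "https://idp.example.test/", "audience": "dab-api",
       "roles.path": "roles"}
AAD_STYLE = {"iss": "https://idp.example.test/", "aud": "dab-api",
             "roles": ["reader"]}
NESTED = {"iss": "https://idp.example.test/", "aud": ["dab-api", "other"],
          "realm_access": {"roles": ["reader", "writer"]}}
NAMESPACED = {"iss": "https://idp.example.test/", "aud": "dab-api",
              "https://app.example.test/roles": "admin"}
```

A path that does not resolve yields an empty role set rather than an error, so a misconfigured `roles.path` denies access instead of granting it.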