cbrain icon indicating copy to clipboard operation
cbrain copied to clipboard

Published 20 hours ago verified publisher icon aces

Refacto OIDC

Open natacha-beck opened this issue 8 months ago • 0 comments

This PR replace #1396 one.

It is a way to generalize the usage of alternative identity provider.

It allow the CBRAIN administartor to have a config file oidc.yml with the following information:

OIDC_name:
    authorize_uri:                  "https://.../authorize"
    token_uri:                      "https://.../token"
    logout_uri:                     "https://...logout"
    scope:                          "urn:globus:auth:scope:auth.globus.org:view_identities openid email profile"
    client_secret:                  <%= ENV["globus_secret_key"] %>
    client_id:                      <%= ENV["globus_client_id"] %>
    identity_provider:              "identity_provider"
    identity_provider_display_name: "identity_provider_display_name"
    preferred_username:             "preferred_username"
    link_to:                        "www.globus.org"
    link_to_uri:                    "https://www.globus.org/"

Note Multiple identity provider can co-exist, but the client_id should be unique across all identity provider.

natacha-beck avatar Jun 12 '24 21:06 natacha-beck