couchdb-fauxton icon indicating copy to clipboard operation
couchdb-fauxton copied to clipboard
verified publisher icon apache

Enable Fauxton to authenticate to CouchDB with a JWT access token

Open Stwissel opened this issue 1 year ago • 1 comments

Overview

Preliminary pull request - not ready for merge yet. To collect feedback.

  • Added a button: Login with IdP
  • Added a form to capture IdP info and store in session store
  • Added code to obtain authorization code, access token & refresh token
  • Added code to spin up CouchDB & Keycloak containers including documentation
  • Added IdP.md to document
  • modified ajax.js to add authorization header if token is still valid
  • added code to use refresh token to obtain new access token

Testing recommendations

  • Follow the steps in idp.md.
  • There's a shell script (macOS/Linux only) that configures containers to so CouchDB recognizes the Keycloak public key.

Open questions / feedback

  • How to optimize user flow? (e.g. let the IdP URL point to .well-known?)
  • What should be tested
  • should the config dialog be hidden once set?
  • should the code changes be less sprinkled over?
  • currently the IdP login is its own page, should it be merged and show/hide with login page
  • more ipressions/suggestions

GitHub issue number

Fixes #1457

Checklist

  • [X] Code is written and works correctly;
  • [ ] Changes are covered by tests;
  • [X] Documentation reflects the changes;
  • [ ] Update rebar.config.script with the correct tag once a new Fauxton release is made

Stwissel avatar Jul 31 '24 13:07 Stwissel

@janl Comments?

Stwissel avatar Sep 18 '24 08:09 Stwissel

Closing pending resubmission with less formatting

Stwissel avatar Oct 23 '24 10:10 Stwissel