openfairdb
SSO: Login over wechange.de account via OAuth2 or LDAP
Problem
- Users are annoyed by too many logins
- Storing user data is quite sensitive regarding privacy...
- On kvm we don't have and don't want to enable user-to-user communication.
- But for regional and thematic collaboration we need to offer certain possibilities.
Solution
- [ ] Implement SSO with wechange.de-Useraccounts
- Definition is described here: https://github.com/wechange-eg/faq/blob/main/OAuth2.md
- [ ] Group membership defines whether a user has admin status on ofDB
- [ ] In a super-admin list on ofDB Helmut can define which group from wechange.de gives admin rights (later it can be limited to certain areas or hashtags)
- [ ] Via this link: https://wechange.de/o/me/ you get the group memberships of a user, to check which groups he is part of.
Creating entries should be possible without login but then those entries first must be checked by a Regionalpilot before they are added.
Issues from WE:
- Single Sign-On (SSO) with Fairlogin https://git.wechange.de/wechange/aktuell/plattform-n/-/issues/434
- Integrate group memberships into OAuth2 SSO https://git.wechange.de/wechange/aktuell/plattform-n/-/issues/542
For Later
- OSM SSO: when logging in, redirect to OSM to log in there. We need to know the user names to add our entries to the OSM.
- If our user accounts are connected to OSM it can build on this interface: https://www.onosm.org/
Hopefully it is possible to find an identity provider that can handle OSM and all other SSO accounts! https://github.com/kartevonmorgen/kartevonmorgen/issues/217
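A sketch of the authorization rule requested above, added here as an illustration and not taken from openfairdb or wechange: admin status is derived from group membership against the super-admin list, and entries created without login wait for review. All type and function names are hypothetical. It assumes the group identifiers were already extracted from the identity provider's profile response (whose format is not shown on this page) and that entries from logged-in users are published directly.

```rust
use std::collections::HashSet;

// Hypothetical types for illustration; not openfairdb's own.
#[derive(Debug, PartialEq)]
pub enum Role { Anonymous, User, Admin }

#[derive(Debug, PartialEq)]
pub enum EntryStatus { PendingReview, Published }

/// Group identifiers reported for the logged-in user (assumed already parsed).
pub struct Session { pub groups: Vec<String> }

/// The super-admin list: groups whose members get admin rights.
pub struct AdminGroups(HashSet<String>);

impl AdminGroups {
    pub fn new(ids: &[&str]) -> Self {
        // Drop blank entries so an empty config line can never match an empty claim.
        AdminGroups(ids.iter().map(|s| s.trim()).filter(|s| !s.is_empty())
            .map(String::from).collect())
    }

    /// Fail closed: no session means Anonymous, and an empty list means no admins.
    /// Matching is exact and case-sensitive, so near-miss group names grant nothing.
    pub fn role_for(&self, session: Option<&Session>) -> Role {
        match session {
            None => Role::Anonymous,
            Some(s) if s.groups.iter().any(|g| self.0.contains(g.as_str())) => Role::Admin,
            Some(_) => Role::User,
        }
    }
}

/// Entries created without login are held for review before being added.
/// Assumption: entries from logged-in users are published directly.
pub fn status_for_new_entry(role: &Role) -> EntryStatus {
    match role {
        Role::Anonymous => EntryStatus::PendingReview,
        Role::User | Role::Admin => EntryStatus::Published,
    }
}

fn main() {
    // Constructed sample data: group names are placeholders.
    let admins = AdminGroups::new(&["example-admin-group", "  "]);
    let member = Session { groups: vec!["example-admin-group".into()] };
    let role = admins.role_for(Some(&member));
    println!("{:?} -> {:?}", role, status_for_new_entry(&role));
    let anon = admins.role_for(None);
    println!("{:?} -> {:?}", anon, status_for_new_entry(&anon));
}
```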