Generic openID-Connect compliance
Make data-explorer fully oidc compliant to be able to plug in keycloak, adfs or any oidc auth ref without having to change the codebase.
todo:
- rm be code
- use stamped lib for generic oidc things (security!)
- refactor current client implementation
- design configuration to cover exotic stuff (ie realm)
- redirect after login & logout
- DE > login > logout > select a facet > state & oidc info are in the url
tests:
- devops keycloak
- online adfs (mock)
- oecd adfs
flow tests:
- !isAuthRequired > unlogged > DE loads > login > redirect to kc > redirect to DE > logged > refresh > logged > logout > reload DE > unlogged
- isAuthRequired > unlogged > redirect to kc > redirect to DE > logged > refresh > logged > logout > localhost issue
- invalid oidc provider fallback to anonymous mode (considered unlogged even if logged to oidc with other apps, can't login)
- login > switch tab and refresh DE > should be logged
bonus:
- create a lib to use in DLM as is
used resources:
Edited by Nicolas Briemant