Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

External OAuth provider compatibility #82

Open
pohlm01 opened this issue Nov 18, 2024 · 0 comments
Open

External OAuth provider compatibility #82

pohlm01 opened this issue Nov 18, 2024 · 0 comments

Comments

@pohlm01
Copy link
Member

pohlm01 commented Nov 18, 2024

#77 added support for an external OAuth provider. At the moment, we require the external provider to send the roles in our proprietary roles format, see example below.

{
  "exp": 1734525218,
  "nbf": 1731933218,
  "sub": "ven_client",
  "roles": [
    {
      "role": "VEN",
      "id": "ven-1"
    },
    {
      "role": "VenManager"
    }
  ]
}

For this issue, we have to investigate how the OpenADR specification defines the existing roles, and should probably introduce a compatibility layer in the authentication procedure of the VTN. For example, if a user has the OpenADR roles read_all, write_programs, and write_events, we would probably need to map this to the AnyBusinessUser in our internal authentication mechanism.

Additionally, we should document how our authentication system works and how to make use of the fine-grained access control that we support with our internal roles.

@pohlm01 pohlm01 moved this to Todo in OpenADR 3.0 Plan Nov 18, 2024
@pohlm01 pohlm01 changed the title External OpenAPI provider compatibility External OAuth provider compatibility Nov 19, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
Status: Todo
Development

No branches or pull requests

1 participant