
Provide OAuth2 compatible identity provider #4453

Closed
1 task done
Tracked by #4450
danielkelemen opened this issue Jun 24, 2024 · 1 comment
Assignees
Labels
  • scope:authorization DRI: Tobias
  • scope:run Changes to the Run distribution.
  • scope:spring-boot Changes to the Spring Boot starter.
  • type:subtask Issues that are subtasks of another issue. Must always be part of the breakdown of the parent issue.
  • version:7.22.0-alpha5
  • version:7.22.0

Comments


danielkelemen commented Jun 24, 2024

Acceptance Criteria (Required on creation)

  • Implement an identity provider that supports both Camunda groups and OAuth2 provider groups.
  • Use Spring's authorities as OAuth2 groups.
    • Provide a config property so it can be customized which claim contains the groups.
  • Reuse the DbIdentityServiceProvider.
  • Handle groups from both sources according to the defined specification.
    • We don't combine groups. If the user is coming from the Spring security context, we take groups from there, otherwise from the DB.
  • Tests. Moved to a separate ticket.

Hints

Links

Breakdown

PRs

  1. ci:default-build ci:distro ci:spring-boot
    danielkelemen tasso94
@danielkelemen danielkelemen added type:subtask Issues that are subtasks of another issue. Must always be part of the breakdown of the parent issue. scope:run Changes to the Run distribution. scope:spring-boot Changes to the Spring Boot starter. scope:authorization DRI: Tobias potential:7.22.0 labels Jun 24, 2024
@danielkelemen danielkelemen self-assigned this Aug 29, 2024
danielkelemen added a commit that referenced this issue Sep 2, 2024
@danielkelemen (Member, Author)

Notes

  • This PR adds an optional OAuth2 identity provider
    • Can be activated with camunda.bpm.oauth2.identity-provider.enabled: true
    • Provider has the common plugin, factory and impl classes
  • The provider inherits from the DB writable provider so users can still use DB credentials for the REST API.
  • An OAuth2 granted authorities mapper is also added. (Spring docs)
    • This is also an optional class that can be used to map authorities from a different claim. Spring uses the scope (scp) by default for authorities.
    • Can be activated with camunda.bpm.oauth2.identity-provider.group-name-attribute: <claim name>
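The two behaviours described above (reading group names from a configurable claim, and taking groups from exactly one source rather than merging the OAuth2 and DB groups) as an added example. This is illustration code, not the Camunda provider or the PR's mapper: the class name `ClaimGroupsAuthoritiesMapper`, the claim name passed to it, the `resolveGroups` helper, the `Supplier` that stands in for the DB lookup, and the use of `OAuth2AuthenticationToken` as the test for "user is coming from the Spring security context" are all assumptions; only the Spring Security types (`GrantedAuthoritiesMapper`, `OAuth2UserAuthority`, `SimpleGrantedAuthority`) are real.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Supplier;
import java.util.stream.Collectors;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;

/**
 * Hypothetical authorities mapper (not the Camunda implementation): turns the
 * values of one configurable claim into granted authorities, replacing Spring's
 * default scope-derived authorities entirely.
 */
public class ClaimGroupsAuthoritiesMapper implements GrantedAuthoritiesMapper {

  // Assumed claim name, e.g. "groups" or "roles"; supplied by configuration.
  private final String groupClaim;

  public ClaimGroupsAuthoritiesMapper(String groupClaim) {
    this.groupClaim = groupClaim;
  }

  @Override
  public Collection<? extends GrantedAuthority> mapAuthorities(
      Collection<? extends GrantedAuthority> authorities) {
    Set<GrantedAuthority> mapped = new LinkedHashSet<>();
    for (GrantedAuthority authority : authorities) {
      // OidcUserAuthority extends OAuth2UserAuthority, so ID token and
      // userinfo claims of OIDC logins are reachable through getAttributes().
      if (authority instanceof OAuth2UserAuthority) {
        Map<String, Object> attributes = ((OAuth2UserAuthority) authority).getAttributes();
        for (String group : groupsFromClaim(attributes.get(groupClaim))) {
          mapped.add(new SimpleGrantedAuthority(group));
        }
      }
    }
    // Fail closed: a missing or malformed claim yields no group memberships
    // instead of silently falling back to the scope-based authorities.
    return mapped;
  }

  /** Accepts a JSON array of strings or a space-separated string; anything else maps to no groups. */
  static List<String> groupsFromClaim(Object claimValue) {
    if (claimValue instanceof Collection) {
      return ((Collection<?>) claimValue).stream()
          .filter(v -> v != null)
          .map(Object::toString)
          .map(String::trim)
          .filter(s -> !s.isEmpty())
          .collect(Collectors.toList());
    }
    if (claimValue instanceof String) {
      return Arrays.stream(((String) claimValue).trim().split("\\s+"))
          .filter(s -> !s.isEmpty())
          .collect(Collectors.toList());
    }
    return List.of();
  }

  /**
   * Groups come from exactly one source, never merged: the authorities already
   * present in the security context for an OAuth2 login, the DB lookup otherwise.
   * The DB lookup is modelled as a Supplier so it is only invoked when needed.
   */
  static List<String> resolveGroups(Authentication authentication, Supplier<List<String>> dbGroups) {
    if (authentication instanceof OAuth2AuthenticationToken) {
      return authentication.getAuthorities().stream()
          .map(GrantedAuthority::getAuthority)
          .collect(Collectors.toList());
    }
    return dbGroups.get();
  }
}
```

Register the mapper as a `GrantedAuthoritiesMapper` bean so that Spring's OAuth2 login applies it after the user is loaded; the point of the fail-closed branch is that a provider which omits the configured claim, or sends it in an unexpected shape, leaves the user with no groups and therefore no group-based authorizations, which is easier to notice and diagnose than an unintended grant from a default mapping.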

yanavasileva pushed a commit that referenced this issue Sep 4, 2024
@yanavasileva yanavasileva removed their assignment Sep 6, 2024
tasso94 pushed a commit that referenced this issue Sep 6, 2024
@tasso94 tasso94 closed this as completed Sep 6, 2024
hauptmedia added a commit to hauptmedia/operaton that referenced this issue Nov 8, 2024
related to camunda/camunda-bpm-platform#4453

Backported commit a485ee9828 from the camunda-bpm-platform repository.
Original author: Daniel Kelemen <[email protected]>
javahippie pushed a commit to operaton/operaton that referenced this issue Nov 8, 2024
related to camunda/camunda-bpm-platform#4453

Backported commit a485ee9828 from the camunda-bpm-platform repository.
Original author: Daniel Kelemen <[email protected]>