Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

  •  
     
    story #14714 be an OpenID Connect provider
Actions
Summary
Empty
be an OpenID Connect provider
Empty
See epics acceptance criteria.

The whole thing is a "all or thing" story, here it corresponds to implementation of the OpenID Connect protocol.
Empty
Empty
Status
Empty
Done
Development
  • [ ] Does it involves User Interface? 
  • [ ] Are there any mockups?
  • [ ] Are permissions checked?
  • [ ] Does it need Javascript development?
  • [ ] Does it need a forge upgrade bucket?
  • [ ] Does it need to execute things in system events?
  • [ ] Does it impact project creation (templates)?
  • [ ] Is it exploratory?
Empty
Details
#14714
Thomas Gerbet (tgerbet)
2020-04-30 14:10
2020-03-24 11:31
15978

References
Artifact links
Empty
Referencing story #14714

Artifact Tracker v5

epic #14432 Tuleap OAuth2 Provider
rel #14681 11.14

Git commit

tuleap/tuleap/stable

Replace firebase/php-jwt with lcobucci/jwt 3e99c984db
User avatar Thomas Gerbet (tgerbet) , 2020-03-24 15:41
Add the 'openid' scope d077d54685
User avatar Thomas Gerbet (tgerbet) , 2020-03-30 14:03
Send a minimal ID token when requested 08c77ef6b9
User avatar Thomas Gerbet (tgerbet) , 2020-04-06 17:55
Sign ID tokens 59e2498af0
User avatar Thomas Gerbet (tgerbet) , 2020-04-07 15:18
Base of UserInfo endpoint a45dc65390
User avatar Joris MASSON (jmasson) , 2020-04-09 09:06
Expose a JSON Web Key Set document [0][1] 3b81d5c07b
User avatar Thomas Gerbet (tgerbet) , 2020-04-09 10:11
OAuth2 server plugin integration tests do not properly cleans after themselves 55aca28699
User avatar Thomas Gerbet (tgerbet) , 2020-04-09 09:53
UserInfo endpoint responds to "email" scope 80d70b188f
User avatar Joris MASSON (jmasson) , 2020-04-09 17:42
Add support for the 'nonce' parameter during authentication request 813a81c1f3
User avatar Thomas Gerbet (tgerbet) , 2020-04-09 15:29
The authorization endpoint must support to be called with a HTTP POST request [0] f3a28a2396
User avatar Thomas Gerbet (tgerbet) , 2020-04-10 13:44
REST endpoints cannot be accessed with an OAuth2 access token 8ae18208f3
User avatar Thomas Gerbet (tgerbet) , 2020-04-10 17:13
UserInfo endpoint responds to "profile" scope 75d921d6f7
User avatar Joris MASSON (jmasson) , 2020-04-10 17:19
Support the prompt parameter with the none value [0] 7d7469142c
User avatar Thomas Gerbet (tgerbet) , 2020-04-14 11:48
Support the prompt parameter with the consent value [0] 9d4b071fb7
User avatar Thomas Gerbet (tgerbet) , 2020-04-14 13:23
Support the prompt parameter with the login value [0] 4ee71f4642
User avatar Thomas Gerbet (tgerbet) , 2020-04-15 10:16
Consent should always be required when the authorization request ask for the offline scope be607acd07
User avatar Thomas Gerbet (tgerbet) , 2020-04-15 11:06
Discovery configuration endpoint 2c20b513b6
User avatar Joris MASSON (jmasson) , 2020-04-15 11:00
Support the 'max_age' parameter in authorization request 818c202dcc
User avatar Thomas Gerbet (tgerbet) , 2020-04-15 14:02
Remove uneeded \assert() 8d98102bcb
User avatar Thomas Gerbet (tgerbet) , 2020-04-15 15:00
Reject authorization requests with unsupported OIDC parameters a8aeb64ba9
User avatar Thomas Gerbet (tgerbet) , 2020-04-15 16:41
Move the OAuth2 server plugin out of experimental 56242fa171
User avatar Thomas Gerbet (tgerbet) , 2020-04-15 16:45
Test the creation of an OAuth2 app a173d0d4c1
User avatar Thomas Gerbet (tgerbet) , 2020-04-16 12:52
Test that a user can approve an OAuth2 authorization request ab41a263a7
User avatar Thomas Gerbet (tgerbet) , 2020-04-17 11:27
Test the OAuth2 flow with a basic relying party 81c9de933b
User avatar Thomas Gerbet (tgerbet) , 2020-04-17 16:50
service_documentation points to OpenIDConnect documentation 312322e266
User avatar Joris MASSON (jmasson) , 2020-04-20 11:26
Replace Restler's Explorer to generate the API specification file 2a5cf9917a
User avatar Thomas Gerbet (tgerbet) , 2020-04-18 19:31
Test the refresh token grant 5dc3baacf5
User avatar Thomas Gerbet (tgerbet) , 2020-04-20 11:06
Validate the ID token in the test flow dfae7404d8
User avatar Thomas Gerbet (tgerbet) , 2020-04-20 14:08
Test the token revocation 583c6fae99
User avatar Thomas Gerbet (tgerbet) , 2020-04-20 15:05
Test discovery endpoint 36beae9902
User avatar Joris MASSON (jmasson) , 2020-04-20 17:58
Add information about which OAuth2 scope can be used with a REST endpoint b64aee8deb
User avatar Thomas Gerbet (tgerbet) , 2020-04-20 16:47
Fix potential runtime crash in the Relying-Party used for the E2E tests d349ac815e
User avatar Thomas Gerbet (tgerbet) , 2020-04-21 10:13
Cannot build Enterprise without the experimental packages d7e4a3962d
User avatar Thomas Gerbet (tgerbet) , 2020-04-21 16:18
Be able to generate a new client secret 204d46ff65
User avatar Joris MASSON (jmasson) , 2020-04-21 17:25
Remove oauth2_server leak in tests/e2e/full/wrap_for_dev_context.sh 8d6dd82a7c
User avatar Thomas Gerbet (tgerbet) , 2020-04-21 13:45
Improve logging to ease troubleshooting sessions b440fb136e
User avatar Thomas Gerbet (tgerbet) , 2020-04-23 13:27
Add the "claims_supported" metadata to the OIDC discovery document 575d95e293
User avatar Thomas Gerbet (tgerbet) , 2020-04-26 20:04
Rotate ID token signing keys periodically 5b660d4d1d
User avatar Thomas Gerbet (tgerbet) , 2020-04-27 14:20
IE11 fix for OAuth2 apps b4abee4d22
User avatar Joris MASSON (jmasson) , 2020-04-28 15:21
Display settings

Follow-ups