•  
     
    story #14714 be an OpenID Connect provider
Summary
Empty
be an OpenID Connect provider
Empty
See epics acceptance criteria.

The whole thing is a "all or thing" story, here it corresponds to implementation of the OpenID Connect protocol.
Empty
Empty
Status
Empty
Done
Development
  • [ ] Does it involves User Interface? 
  • [ ] Are there any mockups?
  • [ ] Are permissions checked?
  • [ ] Does it need Javascript development?
  • [ ] Does it need a forge upgrade bucket?
  • [ ] Does it need to execute things in system events?
  • [ ] Does it impact project creation (templates)?
  • [ ] Is it exploratory?
Empty
Details
#14714
Thomas Gerbet (tgerbet)
2020-04-30 14:10
2020-03-24 11:31
15981

References
Referencing story #14714

Git commit

tuleap/tuleap/stable

Replace firebase/php-jwt with lcobucci/jwt 3e99c984db
Add the 'openid' scope d077d54685
Send a minimal ID token when requested 08c77ef6b9
Sign ID tokens 59e2498af0
Base of UserInfo endpoint a45dc65390
Expose a JSON Web Key Set document [0][1] 3b81d5c07b
OAuth2 server plugin integration tests do not properly cleans after themselves 55aca28699
UserInfo endpoint responds to "email" scope 80d70b188f
Add support for the 'nonce' parameter during authentication request 813a81c1f3
The authorization endpoint must support to be called with a HTTP POST request [0] f3a28a2396
REST endpoints cannot be accessed with an OAuth2 access token 8ae18208f3
UserInfo endpoint responds to "profile" scope 75d921d6f7
Support the prompt parameter with the none value [0] 7d7469142c
Support the prompt parameter with the consent value [0] 9d4b071fb7
Support the prompt parameter with the login value [0] 4ee71f4642
Consent should always be required when the authorization request ask for the offline scope be607acd07
Discovery configuration endpoint 2c20b513b6
Support the 'max_age' parameter in authorization request 818c202dcc
Remove uneeded \assert() 8d98102bcb
Reject authorization requests with unsupported OIDC parameters a8aeb64ba9
Move the OAuth2 server plugin out of experimental 56242fa171
Test the creation of an OAuth2 app a173d0d4c1
Test that a user can approve an OAuth2 authorization request ab41a263a7
Test the OAuth2 flow with a basic relying party 81c9de933b
service_documentation points to OpenIDConnect documentation 312322e266
Replace Restler's Explorer to generate the API specification file 2a5cf9917a
Test the refresh token grant 5dc3baacf5
Validate the ID token in the test flow dfae7404d8
Test the token revocation 583c6fae99
Test discovery endpoint 36beae9902
Add information about which OAuth2 scope can be used with a REST endpoint b64aee8deb
Fix potential runtime crash in the Relying-Party used for the E2E tests d349ac815e
Cannot build Enterprise without the experimental packages d7e4a3962d
Be able to generate a new client secret 204d46ff65
Remove oauth2_server leak in tests/e2e/full/wrap_for_dev_context.sh 8d6dd82a7c
Improve logging to ease troubleshooting sessions b440fb136e
Add the "claims_supported" metadata to the OIDC discovery document 575d95e293
Rotate ID token signing keys periodically 5b660d4d1d
IE11 fix for OAuth2 apps b4abee4d22

Follow-ups