🔖 Feature description
Add an OIDC auth provider implementation that works completely in the browser, in addition to the current implementation where the actual OIDC flow (getting an access token from an issuer, refreshing the token, etc.) is happening on the backend side.
🎤 Context
In my company we use OIDC auth providers to access some API endpoints. But some OIDC issuers are not accessible from the network of the server where the Backstage backend runs, and we cannot change it. These private OIDC issuers can be accessed by users by using a VPN on their machines. If we had an in-browser OIDC implementation, users would be able to authenticate.
✌️ Possible Implementation
Currently, for OIDC providers, communication with the backend plugin happens in the DefaultAuthConnector. We can have a separate implementation of this connector that doesn't talk to a backend plugin but directly handles authentication flows (getting a token, refreshing a token, etc.).
As an alternative, we can make it easier to reuse the current client-side auth components, so a custom, client-side-only auth provider can be implemented as a plugin. For example, make it possible to provide a custom auth connector to the OAuth2 component.
👀 Have you spent some time to check if this feature request has been raised before?
🏢 Have you read the Code of Conduct?
Are you willing to submit a PR?
Yes I am willing to submit a PR!