🚀 Feature: Add client side (in-browser only) OIDC auth provider. #27584

Open
2 tasks done
gusevda opened this issue Nov 11, 2024 · 1 comment
Labels
auth enhancement New feature or request

Comments

@gusevda
Contributor

gusevda commented Nov 11, 2024

🔖 Feature description

Add an OIDC auth provider implementation that works completely in the browser, in addition to the current implementation where the actual OIDC flow (getting an access token from an issuer, refreshing the token, etc.) happens on the backend side.

🎤 Context

In my company we use OIDC auth providers to access some API endpoints. But some OIDC issuers are not accessible from the network of the server where the Backstage backend runs, and we cannot change it. These private OIDC issuers can be accessed by users by using a VPN on their machines. If we had an in-browser OIDC implementation, users would be able to authenticate.

✌️ Possible Implementation

Currently, for OIDC providers, communication with the backend plugin happens in the DefaultAuthConnector. We can have a separate implementation of this connector that doesn't talk to a backend plugin but directly handles authentication flows (getting a token, refreshing a token, etc.).

As an alternative, we can make it easier to reuse current client side auth components, so a custom, client side only, auth provider can be implemented as a plugin. For example, make it possible to provide a custom auth connector to the OAuth2 component.

👀 Have you spent some time to check if this feature request has been raised before?

  • I checked and didn't find a similar issue

🏢 Have you read the Code of Conduct?

Are you willing to submit PR?

Yes I am willing to submit a PR!

@gusevda gusevda added the enhancement New feature or request label Nov 11, 2024
@vinzscam vinzscam added the auth label Nov 14, 2024
@vinzscam
Member

Thanks @gusevda. Do you have any suggestions on a possible direction to take to implement this?
