[MXS-4271] Add OpenID integration for the REST API Created: 2022-09-02 Updated: 2022-10-04 Resolved: 2022-10-04 |
|
| Status: | Closed |
| Project: | MariaDB MaxScale |
| Component/s: | REST-API |
| Affects Version/s: | None |
| Fix Version/s: | 22.08.2 |
| Type: | New Feature | Priority: | Major |
| Reporter: | markus makela | Assignee: | markus makela |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Description |
|
Being able to authenticate users using a third-party authentication service would make the REST API more convenient to integrate into other products and websites. It can also offer a more convenient account management system for organizations that already use it for other things. |
| Comments |
| Comment by Nachiket (Inactive) [ 2022-09-08 ] |
|
Assigning to Bhavin since he is managing QE. |
| Comment by markus makela [ 2022-09-28 ] |
|
Added admin_oidc_url that defines the OpenID Connect server from where the public certificates of the signature keys are retrieved. Tokens issued by the OIDC server are accepted for authentication but authorization is still done using the user accounts in MaxScale. That is, the "sub" field of the token must be a user created with maxctrl create user. |