[
https://issues.apache.org/jira/browse/SOLR-17845?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18060168#comment-18060168
]
ASF subversion and git services commented on SOLR-17845:
--------------------------------------------------------
Commit d0ff2b98c492b9e3b6b2b2eea4ae9c05eef12259 in solr's branch
refs/heads/branch_10x from Christos Malliaridis
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=d0ff2b98c49 ]
SOLR-17845: Implement OAuth support in new UI (#3754)
This merge adds support for OAuth in the new UI by using a Ktor server for
handling callbacks to the app on desktop, and new tab and event listeners on
Web.
The solution also adds support for multiple authentication options
(MultiAuthPlugin), but with solr-server side limitations.
(cherry picked from commit d06531384de2e3b02328284430893aebbc39779b)
> Implement authentication with OAuth in Admin UI
> -----------------------------------------------
>
> Key: SOLR-17845
> URL: https://issues.apache.org/jira/browse/SOLR-17845
> Project: Solr
> Issue Type: Sub-task
> Components: Admin UI
> Reporter: Christos Malliaridis
> Assignee: Christos Malliaridis
> Priority: Major
> Labels: advanced, new-ui, pull-request-available, ui
> Time Spent: 2h 40m
> Remaining Estimate: 0h
>
> With SOLR-17659 we have introduced basic authentication. Since Solr supports
> other authentication options, we should start adding those too.
> h2. Task
> Add support for authenticating with OAuth 2.0 / OIDC.
> h2. Acceptance Criteria
> - Client ID can be configured
> - Authorization Code Flow with PKCE is supported
> - Redirects to the browser and back work as expected
> - Tokens are refreshed when refresh_tokens are issued
> - ID tokens are used for identifying the user (user identity)
> h2. Additional Information
> Typical OAuth flows require a redirect to the browser. If you are not
> familiar with the OAuth flows, it is strongly recommended to learn those
> first. A good resource for that is https://oauth.net/2/
> The [documentation of Ktor|https://ktor.io/docs/client-bearer-auth.html]
> shows how the flow should be implemented.
> You should be aware that the desktop client, as well as the wasmJS (web)
> client, will both have to retrieve and use the client ID, which will probably
> not be hardcoded in the source code. The client ID is usually generated by
> the OAuth server.
> Additionally, for the navigation to the browser and back you will have to use
> [deep
> links|https://www.jetbrains.com/help/kotlin-multiplatform-dev/compose-navigation-deep-links.html].
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
