  1. GPII - Global Public Inclusive Infrastructure
  2. GPII-3717

Enhance logon procedure to allow signalling of required grant type



    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:


      Work for GPII-3711 requires a new OAuth grant type, specified under GPII-3716. The fact that a particular logon method will request the grant type needs to be signalled by the particular user listener (e.g. the code which executes during Windows logon) at the time of logon. This implies that logon (at least of this type) becomes a privileged process and should only be possible via local function call by trusted code executing in our own process. A related tidy-up for this is to eliminate the localhost HTTP listeners, written up as GPII-3078.

      The required grant type may need to be encoded in the LifecycleManager session - although it seems that all the necessary decoding could occur in the cloud when it receives a write request so it is likely the client will not need the information for the whole duration of the user session. However, it will need to be available at the point the Access Requestor designed for GPII-2436 makes its request to the cloud for an access token - although, going further, we may also allow the cloud to make this decision too based on the notation in the App Installation Clients table looked up via the machine secret, in which case this JIRA is a no-op.




            • Assignee:
              cli@ocad.ca Cindy Qi Li
              amb26 Antranig Basman


              • Created: