DRAFT
Overview
Today, Admin App supports only forms-based authentication. This design proposes adding a second method that delegates user authentication to trusted third-party sources via OpenID Connect, to provide a single sign-on-like experience to users of Ed-Fi tools. If this design, the implemented code, and the pattern are successful in Admin App, they will be considered for reuse in applications such as Data Import.
...
Note: Similarly, Admin App should be registered with the custom OIDC authentication provider to obtain a client_key and client_secret.
Store external authentication provider details:
To enable OIDC authentication, Admin App needs the provider details: the OIDC server authentication URL, Client_Id, Client_Secret, ResponseType, and the required scopes.
In a development environment, all of these details can be stored in the Authentication section of the appsettings.json file or set as user-secrets.
ex: dotnet user-secrets set "Authentication:Google:Client_Id" "sampleapp"
For a production environment, it is recommended to store Client_Id and Client_Secret in environment variables.
OIDC authentication flow on Admin App:
...
In Admin App, the cookie is used as the default sign-in and sign-out scheme, so the logout operation clears the cookie.
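The provider-details storage and the cookie default scheme described above, wired together in an ASP.NET Core startup file. This is an added example, not Admin App source code; it assumes the .NET 6+ minimal hosting model, and the key names Authority, Client_Secret, ResponseType and Scopes under Authentication:Google, as well as the /logout route, are assumed for illustration.

```csharp
// Added example, not Admin App source. Needs the NuGet package
// Microsoft.AspNetCore.Authentication.OpenIdConnect.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

// Default configuration sources are layered: appsettings.json, then
// user-secrets (Development only), then environment variables. A production
// variable named Authentication__Google__Client_Secret therefore overrides
// any file value, and the secret never has to be committed.
var provider = builder.Configuration.GetSection("Authentication:Google");

// Fail at startup, not at the first login, when a required value is missing.
string Required(string key) =>
    provider[key] is { Length: > 0 } value
        ? value
        : throw new InvalidOperationException(
            $"Missing configuration value Authentication:Google:{key}");

builder.Services
    .AddAuthentication(options =>
    {
        // Cookie is the default sign-in and sign-out scheme;
        // OIDC is used only to challenge unauthenticated users.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        options.Authority = Required("Authority");        // assumed key name
        options.ClientId = Required("Client_Id");         // key from the page
        options.ClientSecret = Required("Client_Secret"); // assumed key name
        options.ResponseType = Required("ResponseType");  // assumed key name
        options.Scope.Clear();
        // Assumed format: one space-separated string, e.g. "openid profile".
        foreach (var scope in Required("Scopes")
                     .Split(' ', StringSplitOptions.RemoveEmptyEntries))
            options.Scope.Add(scope);
    });

var app = builder.Build();
app.UseAuthentication();

// Signing out of the cookie scheme clears the local session cookie.
app.MapPost("/logout", async (HttpContext ctx) =>
{
    await ctx.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    return Results.Redirect("/");
});

app.Run();
```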