Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

DRAFT

Overview

Today, Admin App supports only forms-based authentication for using the application.  This design proposes adding another method of delegating user-authentication to trusted 3rd party-sources via OpenID Connect, to provide single-sign on like experiences to users of Ed-Fi tools.  If this design, implemented code and pattern is successful in Admin App, it will be considered for reuse in applications such as Data Import.

Registering client application with external authentication providers:

Client application needs to be registered to an external authentication provider, in order to delegate the user authentication process.

The client application registration varies across different providers.

Ex: Steps for registering Admin App to Google authentication provider API: 

  1. Register Admin App with Google at https://console.developers.google.com
  2. Set the redirect URI to https://localhost:5000/signin-google (localhost:5000 will be replaced with Admin App host and port)
  3. User can get Client Key and Client Secret by setting up Credentials details on Google API
  4. User will be using the given Client Key and Client Secret on Admin App to establish the connection with Google API for authenticating the user

Note: Similarly, Admin App should be registered with custom OIDC authentication provider for availing client_key and client_secret.

OIDC authentication flow on Admin App:

  • No labels