DRAFT
Overview
Today, Admin App supports only forms-based authentication for using the application. This design proposes adding another method of delegating user-authentication to trusted 3rd party-sources via OpenID Connect, to provide single-sign on like experiences to users of Ed-Fi tools. If this design, implemented code and pattern is successful in Admin App, it will be considered for reuse in applications such as Data Import.
Registering client application with external authentication providers:
Client application needs to be registered to an external authentication provider, in order to delegate the user authentication process.
The client application registration varies across different providers.
Ex: Steps for registering Admin App to Google authentication provider API:
- Register Admin App with Google at https://console.developers.google.com
- Set the redirect URI to https://localhost:5000/signin-google (localhost:5000 will be replaced with Admin App host and port)
- User can get Client Key and Client Secret by setting up Credentials details on Google API
- User will be using the given Client Key and Client Secret on Admin App to establish the connection with Google API for authenticating the user
Note: Similarly, Admin App should be registered with custom OIDC authentication provider for availing client_key and client_secret and delegating the user authentication
OIDC authentication flow on Admin App:
