Feature #12817

open

Support organisation specific authorization endpoint

Added by Dries Mys 7 months ago. Updated 3 months ago.

Status: Review
Priority: Normal
Target version:
Start date: 07/04/2024
Due date:
% Done: 0%
Estimated time:

Description

Some OAuth platforms use organization-specific authorization endpoints, f.ex. the Microsoft identity platform:

Microsoft uses the following format for the authorization endpoint: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize

For tenant, often the value common can be used, but this is not always the case (f.ex. when you want to limit the login to a specific organisation).

To support this situation, it would be useful to add a virtual OAuthProcess::authorizationEndpoint function and use this virtual function when constructing the authorize url inside OAuthProcess::authorizeUrl. The default implementation of this new virtual function would be:

std::string OAuthProcess::authorizationEndpoint () {return service_.authorizationEndpoint();}

By inheriting OAuthProcess (and OAuthService), one could implement the different authorization endpoints, f.ex. based on the organization for which the user is trying to sign in.

Currently, the only possibility (if you want to use the Wt::Auth framework) is to create a separate OAuthService for each tenant, but this also requires separate redirect URLs. This is somewhat cumbersome as all of them need to be registered in the Microsoft identity platform.
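
The hook proposed in the description above, sketched as an added example that is not part of the original issue and is not Wt code. ServiceModel, ProcessModel, TenantProcessModel and validTenant are hypothetical stand-ins for the OAuthService/OAuthProcess pair, and the tenant check is an assumption about what a per-tenant override should enforce when the tenant value comes from user input.

```cpp
#include <cctype>
#include <iostream>
#include <stdexcept>
#include <string>
#include <utility>

// Stand-in types modelling only the proposed hook; these are NOT Wt's classes.
struct ServiceModel {
  virtual ~ServiceModel() = default;
  virtual std::string authorizationEndpoint() const {
    return "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
  }
};

struct ProcessModel {
  explicit ProcessModel(const ServiceModel& s) : service_(s) {}
  virtual ~ProcessModel() = default;
  // Default from the proposal: defer to the service-wide endpoint.
  virtual std::string authorizationEndpoint() const { return service_.authorizationEndpoint(); }
  // Simplified: a real authorize URL also carries client_id, scope, state, ...
  std::string authorizeUrl() const { return authorizationEndpoint() + "?response_type=code"; }
protected:
  const ServiceModel& service_;
};

// Allow only GUID/domain characters so a tenant taken from user input
// cannot change the host, path or query of the authorization URL.
bool validTenant(const std::string& t) {
  if (t.empty() || t.size() > 253 || t.front() == '.' || t.front() == '-') return false;
  for (unsigned char c : t)
    if (!std::isalnum(c) && c != '-' && c != '.') return false;
  return t.find("..") == std::string::npos;
}

struct TenantProcessModel : ProcessModel {
  TenantProcessModel(const ServiceModel& s, std::string tenant)
      : ProcessModel(s), tenant_(std::move(tenant)) {
    if (!validTenant(tenant_)) throw std::invalid_argument("invalid tenant");
  }
  std::string authorizationEndpoint() const override {
    return "https://login.microsoftonline.com/" + tenant_ + "/oauth2/v2.0/authorize";
  }
private:
  std::string tenant_;
};

int main() {  // constructed sample tenant
  ServiceModel svc;
  std::cout << TenantProcessModel(svc, "contoso.onmicrosoft.com").authorizeUrl() << "\n";
}
```

With this shape a single service, and therefore a single registered redirect URL, serves every tenant, while each process selects its own endpoint.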

Actions #1

Updated by Matthias Van Ceulebroeck 7 months ago

  • Target version set to 4.11.1

Hey Dries,

Ah, that is indeed very true. Perhaps, in the same vein, it would also be interesting to allow each process to override its scope.
Just a potential other case that may be desired for more complex user-management systems.

Actions #2

Updated by Matthias Van Ceulebroeck 6 months ago

  • Assignee set to Romain Mardulyn
Actions #3

Updated by Romain Mardulyn 6 months ago

  • Status changed from New to InProgress
Actions #4

Updated by Romain Mardulyn 6 months ago

  • Status changed from InProgress to Review
  • Assignee deleted (Romain Mardulyn)
Actions #5

Updated by Matthias Van Ceulebroeck 4 months ago

  • Assignee set to Matthias Van Ceulebroeck
Actions #6

Updated by Matthias Van Ceulebroeck 3 months ago

  • Target version changed from 4.11.1 to 4.12.0