Feature #12817
openSupport organisation specific authorization endpoint
0%
Description
Some OAuth platforms use organization specific authorization endpoints, f.ex. the Microsoft identity platform:
Microsoft uses the following format for the authorization endpoint: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize
For tenant, often the value common can be used, but this is not always the case (f.ex. when you want to limit the login to a specific organisation).
To support this situation, it would be useful to add a virtual OAuthProcess::authorizationEndpoint function and use this virtual function when constructing the authorize url inside OAuthProcess::authorizeUrl. The default implementation of this new virtual function would be:
std::string OAuthProcess::authorizationEndpoint () {return service_.authorizationEndpoint();}
By inheriting OAuthProcess (and OAuthService), one could implement the different authorization endpoints, f.ex. based on the organization for which the user is trying to sign in.
Currently, the only possibility (if you want to use the Wt::Auth framework) is to create a separate OAuthService for each tenant, but this require also separate redirect urls. This is somewhat cumbersome as all of them need to be registered in the Microsoft identity platform.
Updated by Matthias Van Ceulebroeck 4 months ago
- Target version set to 4.11.1
Hey Dries,
Ah, that is indeed very true. Perhaps, in the same vein, it would also be interesting to allow each process to override its scope.
Just a potential other case that may be desired for more complex user-management systems.
Updated by Matthias Van Ceulebroeck 3 months ago
- Assignee set to Romain Mardulyn
Updated by Romain Mardulyn 3 months ago
- Status changed from InProgress to Review
- Assignee deleted (
Romain Mardulyn)
Updated by Matthias Van Ceulebroeck about 2 months ago
- Assignee set to Matthias Van Ceulebroeck
Updated by Matthias Van Ceulebroeck 12 days ago
- Target version changed from 4.11.1 to 4.12.0