Provide endpoint with list of enabled custom authentication methods #208

Open
yurem opened this Issue Apr 27, 2016 · 3 comments

@yurem
Contributor

yurem commented Apr 27, 2016

Delegating authentication method selection to the RP is a good idea. But it requires additional resources to do that on the RP side.

For me this issue requires changes on both sides: OP and RP.

  1. There is one issue. According to the spec, acr_values is a list. Now oxAuth uses the first enabled method from this list. Why can't oxAuth handle this in a better way? For example, the client specified acr_values=["duo", "super-gluu"]. As a result, oxAuth should let the user choose which method to use.
    This approach will be good for a simple RP without investment in a special login page in the client application.

  2. If someone does not like the oxAuth auth method selector, we can offer a new simple oxAuth endpoint (https://ce-dev.gluu.org/.well-known/acr-configuration) with a list of methods to simplify building this dialog on the RP side.
    Example result:

    ```json
    [
      {
        "acr": "duo",
        "icon": "oxauth_url_to_acr_method_icon",
        "additional_property1": "",
        "additional_property2": ""
      },
      {
        "acr": "super-gluu",
        "icon": "oxauth_url_to_acr_method_icon",
        "additional_property1": "",
        "additional_property2": ""
      }
    ]
    ```

With this JSON, the RP can easily build its own auth method chooser page.

@yurem yurem added the enhancement label Apr 27, 2016
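
An RP-side consumer of the acr-configuration document proposed in item 2, as an added example that is not part of the issue or of oxAuth: it treats the OP's list as untrusted input, keeps only methods the RP has allow-listed, accepts icons only from the OP's own HTTPS origin, escapes everything it renders, and checks the `acr` claim after login. The response shape follows the proposal; the authorize endpoint path, the allow-list, the icon path and all function names are assumptions made for illustration.

```python
import html
import json
from urllib.parse import urlencode, urlsplit

OP_ORIGIN = "https://ce-dev.gluu.org"                        # host named in the issue
AUTHORIZE_ENDPOINT = OP_ORIGIN + "/oxauth/restv1/authorize"  # assumed; read it from OP discovery
RP_ALLOWED_ACRS = {"duo", "super-gluu"}                      # methods this RP agrees to offer

# Constructed sample of the proposed acr-configuration response (not real oxAuth output).
SAMPLE = json.dumps([
    {"acr": "duo", "icon": "https://ce-dev.gluu.org/img/duo.png"},
    {"acr": "super-gluu", "icon": "http://cdn.example.net/sg.png"},
    {"acr": "<script>", "icon": ""},
    "not-an-object",
])

def parse_acr_config(raw):
    """Keep only allow-listed methods; keep an icon only if the OP serves it over HTTPS."""
    data = json.loads(raw)
    methods = []
    for entry in data if isinstance(data, list) else []:
        acr = entry.get("acr") if isinstance(entry, dict) else None
        if not isinstance(acr, str) or acr not in RP_ALLOWED_ACRS:
            continue
        icon = entry.get("icon")
        parts = urlsplit(icon) if isinstance(icon, str) else None
        if parts is None or f"{parts.scheme}://{parts.netloc}" != OP_ORIGIN:
            icon = ""  # foreign or non-HTTPS icon: fall back to a text-only link
        methods.append({"acr": acr, "icon": icon})
    return methods

def authorization_url(acr, client_id, redirect_uri, state, nonce):
    """Authorization request that asks the OP for exactly the chosen method."""
    return AUTHORIZE_ENDPOINT + "?" + urlencode({
        "response_type": "code", "scope": "openid", "client_id": client_id,
        "redirect_uri": redirect_uri, "state": state, "nonce": nonce,
        "acr_values": acr,
    })

def render_chooser(methods, **request_params):
    """HTML list of sign-in links; every value from the OP document is escaped."""
    items = []
    for m in methods:
        href = html.escape(authorization_url(m["acr"], **request_params), quote=True)
        img = f'<img src="{html.escape(m["icon"], quote=True)}" alt=""> ' if m["icon"] else ""
        items.append(f'<li><a href="{href}">{img}{html.escape(m["acr"])}</a></li>')
    return "<ul>\n" + "\n".join(items) + "\n</ul>"

def acr_satisfied(id_token_claims, chosen_acr):
    """After login, the validated ID token's acr claim must name the chosen method."""
    return id_token_claims.get("acr") == chosen_acr
```

`acr_satisfied` is meant to run on claims from an ID token whose signature, issuer, audience and nonce have already been verified.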

@yuriyz

Contributor

yuriyz commented Apr 27, 2016

To keep what we've discussed in Skype and mails:

The main concern is mostly about user experience. When the user clicks on the selector icon, it is not clear what the next steps are. A nice idea that comes from @willow9886 is to add an additional component on the web page which would show the current step and also all further steps.

@yuriyz

Contributor

yuriyz commented Apr 27, 2016

As in the image below, the user on the login page will see that the next step is duo (or possibly many other steps).
https://dailypost.files.wordpress.com/2013/06/2step.jpg

For this we would need to add an additional method to custom authentication scripts to be able to fetch the description of a step.

@nynymike nynymike added this to the CE 2.4.6 milestone Apr 29, 2016

@nynymike

Contributor

nynymike commented Apr 29, 2016

I think we should back-burner this issue. There is a WG at OIDF that will address some of these issues I think: http://openid.net/wg/eap/

@nynymike nynymike modified the milestones: 3.2.0, CE 3.1.0 Apr 7, 2017

@willow9886 willow9886 modified the milestones: 3.2.0, CE 3.2.0 Apr 10, 2017
