New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTP UserId Resolver support #2081
Comments
Thanks a lot for your suggestion. SCIM actually IS an HTTP API to retrieve users. Please describe in more detail, what you want to do, otherwise we will need to close this issue. |
Hi @cornelinux! SCIM is for auth servers. My PR is for a simple HTTP API. For example, an external REST user API. |
Sorry. Missing spec or description. We do not do any development without spec. |
The user sources is an http API. How do accomplish that today? I've made a pull request with that |
Didn't I make myself clear? We do not accept Pull Requests without knowing what the pull request does. So you need to tell
This is also necessary so that conceptual discussions can take place before code is generated. We do documentation and we do specs. You need to accept this and comply to this. Noone will read your code to understand what you want to do! Read https://github.com/privacyidea/privacyidea/blob/master/CONTRIBUTING.md#develop |
I just follow the template guidelines automatically generated when I made the feature request. I didn't read all the docs. PD: Relax, we are making software and we are humans. |
Thanks. |
@cornelinux I have updated the description. Tell me if it is enough for the specs or requires anything more. |
@brunocascio GET https://myuserserver/users/{username} But what does it return? So I would expect a description of the request structure and the response structure. RequestGET https://userservice/users/{userid} Is it clear if the ID will always be the username, or could the username be allowed to change? I would like this. ResponseWould it be always a json response? {[
username: hans,
surname: wurst,
givenname: hans,
email: ....
]} What if not all attributes are contained - so should be there a mapping? The thing is, before someone starts to review a code the reviewer should have a functional idea what to expect. A reviewer can not review code, if he does not know, what the code is supposed to do! Thanks for your patience! |
@brunocascio Any news on the description of the return values of the mentioned user endpoint? |
Hi @cornelinux, I'm thinking to close this in favor of refactoring the current users resolvers code so any user would have create their own resolver classes and get it reflected in the UI automatically. What do you think? |
Hi @brunocascio So in the first step I would like to understand your resolver and rather add more config possibilities (like defining the attributes or mappings) to this resolver. |
Hi @cornelinux, Ok, currently I'm using something like this:
Example:
Assuming response status 200 and the following JSON HTTP Response: {
"id": "abc123",
"phone": { "mobile": "+542394567465", "other": null },
"user_name": "user_example",
"email": "user@example.com",
"full_name": "Pepe Perez",
"first_name": "Pepe",
"last_name": "Perez",
}
{
"mobile": "+542394567465",
"username": "user_example",
"email": "user@example.com"
} That's the JSON returned by the NOTE:
|
Hi @brunocascio So here is our list of Todo@brunocascio Does this sound sensible to you? |
Hey @cornelinux, Yes, it does. I'll add the header's flags as well, no problem. Thanks! |
Hi @cornelinux I bring you updates. Special error handling is useful for non-restful where the status code would be 200 but the response By the way, HTTP codes >= 400 are thrown as exceptions. How does it look like for you? Just in case, there's the code: 20fe49d |
Looks promising and now it is easier to understand. Implementing unit tests will be quite easy using Writing the documentation should also be quite clear now. |
Great! Yes, my next steps are unit testing and documentation now 💃 For the development, I'm using a Mock API built on express. file: index.js const app = require('./app')
const app = express().use(express.json());
app.post("/get-2fa-data", function (req, res) {
return res.json({
IsError: false,
Username: req.body.Username,
Email: 'email-for@2fa.com',
phone: { mobile: '+542923682293' }
})
})
app.listen(3000, () => {
console.log("Running mock server!");
}); Request mapping should be: {"Username": "{userid}"} Response mapping would be: {"userid": "{Email}", "mobile": "{phone.mobile}"} |
Hey @cornelinux, I have finished the work! Let me know if it is OK for the privacyidea team. Cheers! |
How is this helpful and how should it be used ? Fair enugh, the resolver config works at getting the test user but how do you actually assign tokens to users from this resolver ? |
Is your feature request related to a problem? Please describe.
What are you trying to achieve?
Currenlty, pi supports
sql
,ldap
,passwd
andscim
user's resolvers. A useful case for microservices is retrieving users from an external API. For example,http://domain.com/users/<userId>
Describe the solution you'd like
A clear and concise description of what you want to happen.
Use third party HTTP API for retrieving user data without follows the SCIM specs.
Since PI does not store users, it uses resolvers like LDAP, SCIM, SQL, etc. Today, there is no way to resolve user information through an API but SCIM. SCIM uses an authorization server to authenticate the request, HTTP resolver will not. HTTP resolver could authenticate users via
Authorization
headers instead.The user would create an HTTP resolver only adding an HTTP endpoint under
Add httpresolver
UI. The endpoint must contain the '%s' symbol inside, symbol where pi will replace with their userId.Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Add inversion control in order to be the user able to create custom resolvers instead of modifying pi code directly.
Additional context
Add any other context or screenshots, that might help us to better understand your idea, your need and your circumstances.
The text was updated successfully, but these errors were encountered: