#7743 Template for OIDC secret requests
Opened 6 months ago by pingou. Modified 6 months ago

Seeing the information asked on #7679, I would like to propose the following template for this type of request:

To help us register your application in our OIDC service, we need some information
from you:

Note: all the default values provided here are based on the default choice/implementation
of flask-oidc. If you do not use this library you may have to refer to the documentation
of your library.

Some generic information first:
- What is the application's main URL?
- Who will be the main contact for the application, or will this be core infrastructure?
- What privacy policy will be applicable to the application, or will this be the standard Fedora privacy policy?

Some more OIDC specific information then:
- Which redirect URI(s) will the application use?
  - flask-oidc defaults to: <APPLICATION_URL>/oidc_callback but it's configurable (so double-check)
- Does the application need the user names, or will an application-specific pseudonym suffice?
  - i.e.: using flask-oidc, do you ever rely on ``OIDC.user_getfield('sub')`` to get the user's username?
    If not, this question likely does not matter for your application
- Which authorization flow does the application use?
  - flask-oidc: authorization_code (
- Which token authentication method does the application use?
  - flask-oidc: client_secret_post
- Which response type does the application rely on?
  - flask-oidc: Code

Up for discussion :)
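
The OIDC-specific answers requested in the template above correspond to standard client registration metadata. As an added example (not part of the ticket and not Fedora Infrastructure's tooling), this Python check reviews one set of answers for consistency before a client is registered; the field names follow OpenID Connect Dynamic Client Registration, and the https-only and same-host redirect rules are assumed review policy.

```python
from urllib.parse import urlsplit

# Constructed sample answers, keyed by OpenID Connect Dynamic Client
# Registration metadata names (an assumption; the template itself is free text).
SAMPLE_REQUEST = {
    "client_uri": "https://app.example.org",
    "contacts": ["admin@example.org"],
    "policy_uri": "https://app.example.org/privacy",
    "redirect_uris": ["https://app.example.org/oidc_callback"],
    "subject_type": "pairwise",  # application-specific pseudonym
    "grant_types": ["authorization_code"],
    "token_endpoint_auth_method": "client_secret_post",
    "response_types": ["code"],
}
REQUIRED = ("client_uri", "contacts", "policy_uri", "redirect_uris",
            "grant_types", "token_endpoint_auth_method", "response_types")
AUTH_METHODS = {"client_secret_post", "client_secret_basic",
                "client_secret_jwt", "private_key_jwt", "none"}


def review_request(req):
    """Return a list of problems found in one registration request."""
    problems = [f"missing answer: {f}" for f in REQUIRED if not req.get(f)]
    app_host = urlsplit(req.get("client_uri", "")).hostname
    for uri in req.get("redirect_uris", []):
        parts = urlsplit(uri)
        if parts.scheme != "https":  # assumed policy
            problems.append(f"redirect URI is not https: {uri}")
        if parts.fragment or "*" in uri:
            problems.append(f"redirect URI has a fragment or wildcard: {uri}")
        if parts.hostname != app_host:  # assumed policy
            problems.append(f"redirect URI host differs from application URL: {uri}")
    # The authorization code grant and the "code" response type go together.
    code_grant = "authorization_code" in req.get("grant_types", [])
    code_response = any("code" in rt.split() for rt in req.get("response_types", []))
    if code_grant != code_response:
        problems.append("grant_types and response_types disagree on the code flow")
    if req.get("subject_type", "public") not in ("public", "pairwise"):
        problems.append("subject_type must be public or pairwise")
    method = req.get("token_endpoint_auth_method")
    if method and method not in AUTH_METHODS:
        problems.append(f"unknown token authentication method: {method}")
    return problems


if __name__ == "__main__":
    print(review_request(SAMPLE_REQUEST) or "no problems found")
```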


On the topic of privacy, it would be good to require them to provide a SAR script as part of this process.

Shouldn't this be part of the RFR instead?

Metadata Update from @kevin:
- Issue priority set to: Waiting on Assignee (was: Needs Review)

6 months ago

Template is fine from my side... although if we move to using taiga it won't matter too much. ;(
