Read the above documentation and then implement the remaining functionalities.
- Applications (& roles, scopes), Groups (& members), users, tenants, admin, api-keys, jwks, memory-monitor and their CRUD operations are implemented. Now we need to make node-oidc-provider use them to run the user flow.
- In node-oidc-provider some partial adapter and config.service is created. The adapter uses the Prisma adapter to do CRUD on the application, grant, session, interaction etc. (see the OidcModel schema in schema.prisma). The Account class is based on the node-oidc-provider account; it is used to find the users that are already created in our whole service. (Checking the password is not done yet.)
- Time to live for the access token and refresh token is added.
- 1. Domain pinning or clientBasedCors
- 2. Check whether the password is correct while logging in
- 3. Jwks in oidc.config.service.ts
- 4. Creating our own interactions page and removing devInteractions
- 5. Use sqlite instead of postgresql
- 6. Correcting kickstart.json
- 7. Making sure the tests are up to date
- 8a. Integration with minIO
- 8b. Integration with oauth-2-proxy
- 9. Removing any redundant code, cleanup and documentation update
- 10. otp integration --> 2nd
- 11. remove dynamic imports of oidc-provider
- 12. User registration update/creation after the interaction ends
- 14. Complete updateUser in user.service.ts
- 15. 100 users script
- 16. Dockerfile and Docker-compose
otp, dynamic
Config options to look at:
- features.registration
- features.devInteractions
- features.introspection
- features.jwtIntrospection
- features.jwtUserinfo
- features.registration -> initial and final access tokens
- features.userinfo
- features.resourceIndicators -> to set the scopes
- clientBasedCORS -> to check whether a given CORS request should be allowed based on the request's client (domain pinning): this function is not getting called
- extraParams -> these will be available in ctx.oidc.params and will be passed to the interaction session details
- extraTokenClaims -> will solve the MinIO problem
- adapter -> find -> clients
- interactions.policy
- renderError
- ttl -> time to live for various things
- user flows -> can be used after interactions are completed so that we can add user registration, or if we want to save a user's refresh tokens
- add refresh_token and access_token in the response body for user_registration. Deprecated was removed
- in findAccount, check lastLoginInstant for user registration. ttl of the idToken? Registration will happen after getting consent; where will it happen after a consentless login?
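An added example, not code from these notes' project or from node-oidc-provider itself: the two hooks noted above, clientBasedCORS for domain pinning and extraTokenClaims for the MinIO policy claim, written as plain functions with a constructed user-to-policy map so they run without the library. The client object's redirectUris field, the `minio` client_id and the policy names are assumptions.

```javascript
// Added example, not code from the notes' project or from node-oidc-provider.
// Both functions follow the hook signatures node-oidc-provider calls:
//   clientBasedCORS(ctx, origin, client) -> boolean
//   extraTokenClaims(ctx, token) -> object | undefined

// Collect the origins of a client's registered redirect URIs. Malformed
// entries are skipped rather than widening the allow-list.
function allowedOrigins(client) {
  const origins = new Set();
  for (const uri of client?.redirectUris ?? []) {
    try {
      origins.add(new URL(uri).origin);
    } catch {
      // skip an unparsable redirect URI
    }
  }
  return origins;
}

// Domain pinning: a cross-origin request is allowed only when its Origin
// header matches the origin of one of the requesting client's redirect URIs.
function clientBasedCORS(ctx, origin, client) {
  return allowedOrigins(client).has(origin);
}

// Constructed stand-in for the user -> MinIO policy lookup (Prisma in the project).
const userPolicies = new Map([
  ['user-1', 'readwrite'],
  ['user-2', 'readonly'],
]);

// Add a `policy` claim to access tokens issued to the MinIO client so MinIO's
// OpenID policy-claim mapping can pick the user's policy. Other clients and
// client-credentials tokens get no extra claims. The client_id 'minio' is assumed.
function minioPolicyClaims(token) {
  if (token.kind !== 'AccessToken' || token.clientId !== 'minio') return undefined;
  const policy = userPolicies.get(token.accountId);
  return policy ? { policy } : undefined;
}

async function extraTokenClaims(ctx, token) {
  return minioPolicyClaims(token);
}
```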
frontend
- after a signout is rejected, signout success is shown even though signout did not happen; frontend issue
- redirect_uri problem on the ejs index.ejs; the renderError page is a mess
- check the redirect routes and clientId in the ejs
backend
- logout_url??
- how to skip these pages??: DONE
- policy claim in minio : DONE
resource: found something on the oidc GitHub
domain pinning + non-consent screen +
- oauth + with consent and without consent : DONE
- tenant + application crud : DONE
- domain pinning
- oauth2 proxy and minio : DONE
- pkce : DONE
- ttl has to be set
Presentation points
What FusionAuth is: very heavy to set up; show its docker compose, htop etc. Use case: a generic use case on FusionAuth, and what we took from it and put into ours. OIDC compliant. Alternatives: Keycloak and FusionAuth are both heavy; Auth0
User + UserRegistration updation either in findAccount or interaction end
Dockerfile and docker-compose
oauthproxy+Minio combined working
If multiple can be configured then it's sorted; else make a simple app that uses Google login and shows a page, and add a button for OIDC login to show the consent screen