Federated Authentication


CSESoc now has a federated authentication system available to act as the identity provider for your apps. The main thing to keep in mind is that this system is based on OpenID Connect and OAuth2, both of which are open standards with lots of documentation available. I recommend checking this guide first to get an idea of what it is.

Want to just try entering your details somewhere? Try this (may take a bit to load; it's just a demo and will send you back to localhost).

How does it work?

There are many ready-to-use OIDC libraries available for React and other libraries - just fill in the relevant endpoints and client ID/secret, and you should be good to go.

Users can just click a button that will take them through the auth process and send them back to your app with the relevant access token - no need to collect their information manually.

To get started with this, please send @Jared Lohtaja a message in your relevant channel to get a testing client ID/secret for your app - once you're ready, you'll get a set of prod keys. Let me know what redirect URIs to use as well.

Quick Reference

Fetching User Information

After a user completes this flow and the openid scope has been provided, you will have access to an identity token, which you can decode to find their zID and other information that is yet to be added. Using this, you will (soon) be able to query an internal service for more information about the user, such as their name, faculty and degree. This will be updated once this internal API becomes available.
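The identity token should be verified, not just decoded, before your app trusts the zID inside it. The sketch below is an added example, not CSESoc's code: it checks the signature, issuer, audience, expiry and nonce of an RS256 token using Node's built-in crypto module. The issuer URL, client ID, nonce, the use of the `sub` claim for the zID, and the throwaway key pair are all assumptions constructed for the demo.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed values: placeholders, not CSESoc's real issuer or client ID.
const ISSUER = 'https://idp.example.invalid';
const CLIENT_ID = 'example-client-id';

const b64url = (v) => Buffer.from(v).toString('base64url');
const parsePart = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Demo helper: mint a signed token the way an identity provider would.
function signIdToken(claims, privateKey, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Verify the signature and the standard OIDC claims before trusting the payload.
function verifyIdToken(token, publicKey, { issuer, clientId, nonce, now = Date.now() / 1000 }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm: never let the token header choose it ("none", HS256, ...).
  if (parsePart(h).alg !== 'RS256') throw new Error('unexpected alg');
  const sig = Buffer.from(s, 'base64url');
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey, sig);
  if (!ok) throw new Error('bad signature');
  const claims = parsePart(p);
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (claims.nonce !== nonce) throw new Error('nonce mismatch');
  return claims;
}

// Constructed sample: a throwaway key pair stands in for the provider's signing key.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleClaims = {
  iss: ISSUER, aud: CLIENT_ID, sub: 'z0000000', // assumption: zID carried in `sub`
  nonce: 'n-constructed', exp: Math.floor(Date.now() / 1000) + 300,
};
const sampleToken = signIdToken(sampleClaims, privateKey);
const expected = { issuer: ISSUER, clientId: CLIENT_ID, nonce: 'n-constructed' };
console.log(verifyIdToken(sampleToken, publicKey, expected).sub);
```

In a real app, a maintained OIDC library performs these checks against the provider's published signing keys; the nonce is the value your app generated when it started the login.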

 
