Skip to content

[Prototype] Update the OpenID module to use the OpenIddict client #14021

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
kevinchalet wants to merge 1 commit into from
Closed

[Prototype] Update the OpenID module to use the OpenIddict client #14021

kevinchalet wants to merge 1 commit into from

Conversation

@kevinchalet
Copy link
Member

@kevinchalet kevinchalet commented Jul 21, 2023
edited by Piedone
Loading

This is a very crude PR that replaces the MSFT OIDC handler in OrchardCore.OpenId by the OpenIddict client. I deliberately didn't touch the OpenID client recipe to avoid a source/binary breaking change and used multiple mappings to avoid behavior changes.

Open questions:

  • Do we want to support configuring multiple client registrations (to connect with multiple OpenID Connect servers)? It's not something currently supported by the OpenID client feature and would likely require changes to the UI/recipes.
  • Do we want to use OpenIddict's web providers? If so, how do we architecture things? Do we want to merge the Facebook/Google/GitHub/Entra ID/Twitter modules into OrchardCore.OpenId?

Related discussion: OrchardCoreContrib/OrchardCoreContrib.Modules#90.

Depends on #7891.

/cc @hishamco @MichaelPetrinolis

@kevinchalet kevinchalet added this to the backlog milestone Jul 21, 2023
@kevinchalet kevinchalet self-assigned this Jul 21, 2023
@kevinchalet kevinchalet mentioned this pull request Jul 21, 2023
Open
kevinchalet
kevinchalet commented Aug 9, 2023
View reviewed changes
kevinchalet
kevinchalet commented Aug 9, 2023
View reviewed changes
@kevinchalet kevinchalet mentioned this pull request Sep 12, 2023
Merged
@Piedone
Copy link
Member

Piedone commented Jan 18, 2024

So this depends on #7891, right?

@kevinchalet
Copy link
Member Author

kevinchalet commented Jan 18, 2024

So this depends on #7891, right?

Technically, we could use the same X.509 certificates generation logic as the server feature but since it's something we want to get rid of once the secrets module is ready, it's likely better to just wait so yeah 😃

@Piedone
Copy link
Member

Piedone commented Jan 18, 2024

OK then, thank you. I think it's better as a draft, then, for now.

@Piedone Piedone mentioned this pull request Jan 18, 2024
Draft
@github-actions
Copy link
Contributor

github-actions bot commented Feb 8, 2024

This pull request has merge conflicts. Please resolve those before requesting a review.

@Piedone Piedone marked this pull request as draft April 21, 2024 19:13
@kevinchalet kevinchalet mentioned this pull request Apr 23, 2024
Closed
@github-actions
Copy link
Contributor

github-actions bot commented May 24, 2024

This pull request has merge conflicts. Please resolve those before requesting a review.

@github-actions
Copy link
Contributor

github-actions bot commented Jul 23, 2024

It seems that this pull request didn't really move for quite a while. Is this something you'd like to revisit any time soon or should we close? Please comment if you'd like to pick it up.

@github-actions github-actions bot added the stale label Jul 23, 2024
@github-actions
Copy link
Contributor

github-actions bot commented Aug 16, 2024

This pull request has merge conflicts. Please resolve those before requesting a review.

@github-actions
Copy link
Contributor

github-actions bot commented Sep 16, 2024

This pull request has merge conflicts. Please resolve those before requesting a review.

@github-actions
Copy link
Contributor

github-actions bot commented Nov 16, 2024

It seems that this pull request didn't really move for quite a while. Is this something you'd like to revisit any time soon or should we close? Please comment if you'd like to pick it up.

@github-actions github-actions bot added the stale label Nov 16, 2024
@kevinchalet kevinchalet removed the stale label Nov 16, 2024
@kevinchalet kevinchalet force-pushed the openiddict_client branch 2 times, most recently from c615cfa to 8914f57 Compare December 27, 2024 20:05
@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2025

This pull request has merge conflicts. Please resolve those before requesting a review.

@github-actions
Copy link
Contributor

github-actions bot commented Mar 30, 2025

It seems that this pull request didn't really move for quite a while. Is this something you'd like to revisit any time soon or should we close? Please comment if you'd like to pick it up.

@github-actions github-actions bot added the stale label Mar 30, 2025
@kevinchalet kevinchalet removed the stale label Mar 30, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Mar 31, 2025

This pull request has merge conflicts. Please resolve those before requesting a review.

@MikeAlhayek
Copy link
Member

MikeAlhayek commented Apr 23, 2025

Do we want to support configuring multiple client registrations (to connect with multiple OpenID Connect servers)? It's not something currently supported by the OpenID client feature and would likely require changes to the UI/recipes.

I think we should. I would it its common for one tenant to want to connect to multiple OpenId servers.

Do we want to use OpenIddict's web providers? If so, how do we architecture things? Do we want to merge the Facebook/Google/GitHub/Entra ID/Twitter modules into OrchardCore.OpenId

Can't we keep the module in tact but add the corresponding registration in the proper module? For example, in the GitHub module we can register using something like this

            options.UseWebProviders()
                   .AddGitHub(options =>
                   {
                       // these would be coming from the IOptions<GitHubAuthenticationSettings>
                       options.SetClientId("")
                              .SetClientSecret("")
                              .SetRedirectUri("");
                   })

@kevinchalet
Copy link
Member Author

kevinchalet commented Apr 25, 2025
edited
Loading

Can't we keep the module in tact but add the corresponding registration in the proper module? For example, in the GitHub module we can register using something like this

We definitely can, but OpenIddict already offers more than 100 provider integrations: while it's extremely unlikely we'll want to support all of them in OC, we'll probably have demand for some of them over time: if we keep the 1 provider = 1 package pattern, it may quickly go out of hand: all these packages have a cost that can't be neglected (e.g increased loading times in VS, longer build times, etc.)

@MikeAlhayek
Copy link
Member

MikeAlhayek commented Apr 25, 2025

The rule we follow when creating new modules "if the module requires a new dependency, it's likely that it should have it's own module".

So if we don't need to install extra packages for each provider, then we can move them into one module added one feature per provider.

@github-actions
Copy link
Contributor

github-actions bot commented Aug 9, 2025

It seems that this pull request didn't really move for quite a while. Is this something you'd like to revisit any time soon or should we close? Please comment if you'd like to pick it up.

@github-actions github-actions bot added the stale label Aug 9, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Aug 25, 2025

Closing this pull request because it has been stale for very long. If you think this is still relevant, feel free to reopen it.

@github-actions github-actions bot closed this Aug 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@kevinchalet kevinchalet

Labels

don't merge merge conflict OpenId stale

Projects

None yet

Milestone

backlog

Development

Successfully merging this pull request may close these issues.

3 participants

@kevinchalet @Piedone @MikeAlhayek