RFE: Protect Authentication and Authorization of the SCIMv2 Service with OAuth2 Bearer Token Authentication. #22

Open
f-trivino opened this issue Mar 16, 2023 · 0 comments

The SCIM 2.0 protocol supports multiple HTTP-based authentication schemes to enable API access by some SCIM clients. Currently, only httpbasic is supported and there is no authorization defined. The aim of this ticket is to implement support for OAuth2 with bearer token.

The new auth scheme should be exposed in the “/ServiceProviderConfig” endpoint for the auto-discovery service.

OAuth2 Bearer Token allows the authentication to be delegated to an OIDC server outside of the SCIM API implementation, apart from making the auth mech compatible with OIDC. The best security practices related to bearer tokens (like TLS transport, limited scoping, short lifetimes) must be enforced.

Ideally, we should also define authorization scopes such as scim read and scim write so that the client can request the minimum access to the API.
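
A sketch of what the request above could look like, added here as an example and not taken from the issue or the project's code: the `authenticationSchemes` entry advertised at `/ServiceProviderConfig` (RFC 7643, section 5) and a per-request check for TLS, token lifetime and scope. The scope names `scim.read`/`scim.write`, the 900-second lifetime cap, the function names and the choice of HTTP 400 for non-TLS requests are assumptions; the token is assumed to have already been signature- and issuer-verified against the OIDC server by a JWT library.

```python
import time

# Assumed names and policy values; the issue only proposes "scim read" and
# "scim write" scopes and "short lifetimes" without fixing either.
READ_SCOPE, WRITE_SCOPE = "scim.read", "scim.write"
MAX_TOKEN_LIFETIME = 900  # seconds
SAFE_METHODS = {"GET", "HEAD"}


def authentication_schemes():
    """authenticationSchemes attribute served by /ServiceProviderConfig."""
    return [
        {"type": "oauthbearertoken", "name": "OAuth Bearer Token",
         "description": "Authentication scheme using the OAuth Bearer Token Standard",
         "specUri": "https://www.rfc-editor.org/info/rfc6750", "primary": True},
        {"type": "httpbasic", "name": "HTTP Basic",
         "description": "Authentication scheme using the HTTP Basic Standard",
         "specUri": "https://www.rfc-editor.org/info/rfc2617"},
    ]


def authorize(method, is_tls, claims, now=None):
    """Return (http_status, reason) for one SCIM request.

    `claims` is the already-verified token payload, or None when the
    Authorization header was missing or the token failed verification.
    """
    now = time.time() if now is None else now
    if not is_tls:
        return 400, "bearer tokens are only accepted over TLS"
    if claims is None:
        return 401, "invalid_token: missing or unverifiable"
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)) or not isinstance(iat, (int, float)):
        return 401, "invalid_token: exp and iat are required"
    if now >= exp:
        return 401, "invalid_token: expired"
    if exp - iat > MAX_TOKEN_LIFETIME:
        return 401, "invalid_token: lifetime exceeds policy"
    # Scopes are checked independently: write does not imply read here.
    granted = set(str(claims.get("scope", "")).split())
    needed = READ_SCOPE if method.upper() in SAFE_METHODS else WRITE_SCOPE
    if needed not in granted:
        return 403, "insufficient_scope: " + needed
    return 200, "ok"
```
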
