
"Helmholtz AAI" for GFZ development deployment

Wilhelm Becker requested to merge 63-Hifis-AAI-GFZ-PKCE-develop into master

@nils.brinckmann @marie.schaeffer

As mentioned in #63 (closed), this is a draft to enable the "Helmholtz AAI" login for the frontend. The implementation still relies on the OAuth2 schema of the nuxt Auth plugin instead of the OIDC schema. The latter would require fewer environment variables, as the well-known can be used. But I could not yet find a way to use the userinfo endpoint with this schema. This would be mandatory, as there is no user info given in the id_token by the Hifis IDP. This is also a bit confusing, as it makes the id_token useless. I am now starting to think that this is something we can require to be solved by Hifis. We should include this argument in our discussion about switching from the id_token to the access token.

However, simple OAuth with the userinfo endpoints works so far with the frontend. Further minor adjustments are needed (e.g. request and correctly map all needed scopes).

Edited by Wilhelm Becker
