tracker.org
parent
40b65db60a
commit
790f1bf2ff
1 changed files with 3 additions and 26 deletions
29
tracker.org
|
@ -303,33 +303,10 @@ IROH-Auth currently work with 3 IdPs:
|
||||||
- SxSO (Okta)
|
- SxSO (Okta)
|
||||||
|
|
||||||
SxSO is the only IdP from which we do not care about the =organization-id=.
|
SxSO is the only IdP from which we do not care about the =organization-id=.
|
||||||
|
So organization created through login via IDB AMP or IDB TG will be called
|
||||||
|
/managed orgs/. Mainly the IdP is responsible for the name of the =org-id=.
|
||||||
|
|
||||||
During the first login of a new user we can create a new org.
|
For managed orgs, we create the org using the function =iroh-auth.iroh-auth-service.core/sync-user-org=.
|
||||||
To support different protocols and login IdP we centralize the 3rd party
|
|
||||||
information about some user in a structure called =SessionTokenInfos=:
|
|
||||||
|
|
||||||
#+BEGIN_SRC clojure
|
|
||||||
(s/defschema SessionTokenInfos
|
|
||||||
(st/open-schema
|
|
||||||
(st/merge
|
|
||||||
{:token-id s/Str
|
|
||||||
:user-id s/Str
|
|
||||||
:org-id s/Str}
|
|
||||||
(st/optional-keys
|
|
||||||
{:role s/Str
|
|
||||||
:scopes (s/either [s/Str] #{s/Str})
|
|
||||||
:idp-id s/Str
|
|
||||||
:user-email s/Str
|
|
||||||
:user-nick s/Str
|
|
||||||
:org-name s/Str
|
|
||||||
:original-org-id s/Str
|
|
||||||
:original-user-id s/Str
|
|
||||||
:lifetime-in-sec s/Int
|
|
||||||
:max-clock-skew s/Int
|
|
||||||
:oidc-identity-token {:id_token s/Str
|
|
||||||
s/Keyword s/Any}
|
|
||||||
:saml-response s/Str}))))
|
|
||||||
#+END_SRC
|
|
||||||
**** DONE back to work :work:
|
**** DONE back to work :work:
|
||||||
:LOGBOOK:
|
:LOGBOOK:
|
||||||
CLOCK: [2020-09-29 Tue 13:57]--[2020-09-29 Tue 14:04] => 0:07
|
CLOCK: [2020-09-29 Tue 13:57]--[2020-09-29 Tue 14:04] => 0:07
|
||||||
|
|
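Review bot: The line "For managed orgs, we create the org using the function =iroh-auth.iroh-auth-service.core/sync-user-org=." loses two things the deleted text documented: that org creation happens during the first login of a new user, and which third-party fields are available at that point (the deleted =SessionTokenInfos= block listed =:idp-id=, =:org-name=, =:original-org-id= and =:original-user-id=). The paragraph above it says the IdP is mainly responsible for the =org-id=, so the note should state which of those fields the managed org id is derived from, or at least keep a one-line pointer to where =SessionTokenInfos= is defined, so a reader can tell what IdP-supplied data decides org membership. It would also help to say what happens for SxSO, which is described as not using the =organization-id= but is not covered by the managed-org sentence. Minor wording: "So organization created" should be "So organizations created", and "the name of the =org-id=" is ambiguous between the org's display name and the id value.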