Uploaded image for project: 'RH Developer Hub Planning'
  1. RH Developer Hub Planning
  2. RHDHPLAN-159

Support for OAuth tokens with customizable scopes

Prepare for Z ReleasePrepare Test Plan (Y R...XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 1.4.0
    • Authentication
    • None
    • False
    • Hide

      None

      Show
      None
    • False

      The customer is requesting the ability to generate OAuth Access/Identity tokens in frontend plugins using developer hub libraries.

      • The current implementation requires workarounds like On Behalf Of OAuth flows for Microsoft and limits compatibility with other OAuth providers.
      • The Microsoft provider expects a "fullProfile" attribute, which is only available when using the Microsoft Graph scope. This causes failures when generating tokens with other scopes.
      • The relevant code in the Auth Providers Module [1] enforces this behavior. It explicitly assumes the presence of "fullProfile," making the use of scopes outside of Graph impractical.

      The limitation prevents the use of RHDH OAuthApi libraries [2] for generating tokens with non-default scopes.

      [1] https://github.com/janus-idp/backstage-showcase/blob/main/packages/backend/src/modules/authProvidersModule.ts#L248-L266

      [2] https://backstage.io/docs/reference/core-plugin-api.oauthapi/

              Unassigned Unassigned
              rhn-support-mrust Matthew Rust
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: