Details
-
Feature Request
-
Resolution: Done
-
Blocker
-
None
-
2.1 GA, SaaS
-
Done
-
0
-
0%
Description
Currently when Zync creates a client in RH SSO after an application was created in 3scale, the information about the OAuth flows that should be enabled is not passed, so the default is used – only Standard Flow (Authorization Code flow) enabled.
If the requirement is to have another flow enabled instead (e.g. Client Credentials flow), this needs to be handled manually by enabling the corresponding flows via API or UI of the RH SSO admin console.
The request is to be able to configure allowed OAuth flows on the 3scale service (done by the API provider in the admin portal), so when a new application is created, the corresponding flows are enabled on the client on RH SSO side:
- standardFlowEnabled (Authorization Code flow)
- implicitFlowEnabled
- serviceAccountsEnabled (Client Credentials flow)
- directAccessGrantsEnabled (Resource Owner Password Credentials flow)
Comment from mcichra - There is a workaround how to configure Zync to configure supported flows for all services and applications: https://github.com/3scale/zync/pull/100
Specification: https://docs.google.com/document/d/1-8ZcenxDWe4l5t8WvqLns2tckkqiYPPDdRQp6-N0yOM/edit?ts=5c6ff2cd
Attachments
Issue Links
- is documented by
-
THREESCALE-1746 Document how to configure allowed OAuth flows per Service
-
- Closed
-
- relates to
-
-
- Closed
-
1.
|
Proxy, OIDC configuration model |
|
Closed | 
|
Unassigned |
2.
|
Configure OAuth flows in the UI |
|
Closed |
|
Unassigned |
3.
|
Extend "/admin/api/applications/find.json" to return OIDC configurations |
|
Closed |
|
Unassigned |
4.
|
CRUD for OIDC configuration of Proxy |
|
Closed |
|
Unassigned |