Feature #16171

Updated by Tom Clegg over 1 year ago

The current Google login implementation uses OpenID Connect, but it's hardwired to use the Google endpoint, and it uses the Google People API to look up alternate email addresses.

This feature adds config keys to specify an OpenID Connect endpoint as the login provider.
<pre><code class="yaml">
Clusters:
  zzzzz:
    Login:
      OpenIDConnect:
        Enable: true
        Issuer: https://accounts.example.com
        ClientID: aaaaaaaaaaa
        ClientSecret: zzzzzzzzzzzz
</code></pre>

There's no user-facing chooser page: only one (Google or generic OIDC endpoint) can be configured at a time.

Implementation:
* rename googleLoginController to oidcLoginController
* use client ID/secret from whichever set of config keys (OpenIDConnect or Google) is in play
* if using OIDC keys, don't attempt the Google People API lookup
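
A sketch of the selection logic in the list above, added here as an illustration and not taken from the project's code. The @Provider@ and @Effective@ types, the @SelectProvider@ function and the shape of the Google key set are assumptions; the fixed Google issuer URL is Google's published OIDC issuer.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// Provider holds one set of login keys (hypothetical type; the Google
// section's shape is assumed, only the OpenIDConnect keys are in the issue).
type Provider struct {
	Enable                         bool
	Issuer, ClientID, ClientSecret string
}

// Effective is what the single OIDC login controller needs at runtime.
type Effective struct {
	Issuer, ClientID, ClientSecret string
	UsePeopleAPI                   bool // alternate-email lookup, Google only
}

const googleIssuer = "https://accounts.google.com"

// SelectProvider picks whichever key set is in play and rejects ambiguous,
// empty, or non-HTTPS configurations before any login request is made.
func SelectProvider(google, oidc Provider) (Effective, error) {
	var e Effective
	switch {
	case google.Enable && oidc.Enable:
		return e, errors.New("only one of Google or OpenIDConnect may be enabled")
	case google.Enable:
		e = Effective{googleIssuer, google.ClientID, google.ClientSecret, true}
	case oidc.Enable:
		e = Effective{oidc.Issuer, oidc.ClientID, oidc.ClientSecret, false}
	default:
		return e, errors.New("no login provider enabled")
	}
	u, err := url.Parse(e.Issuer)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return Effective{}, fmt.Errorf("issuer %q must be an https URL", e.Issuer)
	}
	if e.ClientID == "" || e.ClientSecret == "" {
		return Effective{}, errors.New("client ID and secret are required")
	}
	return e, nil
}

func main() {
	// Constructed sample values matching the config snippet in the issue.
	oidc := Provider{true, "https://accounts.example.com", "aaaaaaaaaaa", "zzzzzzzzzzzz"}
	fmt.Println(SelectProvider(Provider{}, oidc))
}
```

Failing at configuration load when both providers are enabled, or when the issuer is not HTTPS, keeps the client secret from being sent to an unintended or plaintext endpoint.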
