You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This starter kit currently handles authentication and authorization from the perspective of a machine user that sources data from Drupal. It would be desirable to demonstrate an example for user authentication as well - a user can authenticate via a login form and as a result gains access to specific resources based on their Drupal account.
Describe the proposed solution
Provide an OpenID based user authentication option.
User authenticates via next-auth / OpenID provider
This information is used to authenticate with Drupal
** OpenID connect will create a Drupal account the first time a user authenticates if it does not exist. What I'm not clear on is if this will happen when accounts are created via API based registration requests and if the next-auth token provides enough information to make SSO with Drupal possible.
** If OpenID can't create accounts via API requests, this step instead would have to try to authenticate or check for the existence of a Drupal account (as the machine user,) and if the account doesn't exist, create an account.
A user specific Drupal State store is created for that user. All user specific requests are made through that store.
Describe the problem
This starter kit currently handles authentication and authorization from the perspective of a machine user that sources data from Drupal. It would be desirable to demonstrate an example for user authentication as well - a user can authenticate via a login form and as a result gains access to specific resources based on their Drupal account.
Describe the proposed solution
Provide an OpenID based user authentication option.
Drupal:
Assumes that Simple oAuth and OpenID Connect are installed.
Next:
Using NextAuth
High level flow:
** OpenID connect will create a Drupal account the first time a user authenticates if it does not exist. What I'm not clear on is if this will happen when accounts are created via API based registration requests and if the next-auth token provides enough information to make SSO with Drupal possible.
** If OpenID can't create accounts via API requests, this step instead would have to try to authenticate or check for the existence of a Drupal account (as the machine user,) and if the account doesn't exist, create an account.
Drupal State:For user authentication Drupal will need to be enhanced to support the password grant type. A related issue exists here: https://www.drupal.org/project/drupal_state/issues/3263740Alternatives considered
There are many other auth methods that could satisfy this, but this approach has the benefit of taking advantage of Drupal's simple oAuth Ecosystem.
Importance
It would make my life easier
Additional Information
No response
The text was updated successfully, but these errors were encountered: