Consider exposing decryption functionality for SDK #21

Closed
kwajiehao opened this issue Mar 20, 2023 · 2 comments

@kwajiehao
Contributor

Problem

There are many projects which provide out-of-the-box integration with custom OIDC providers, such as NextAuth. In the event that one of our users is using one of these libraries, the sgID SDK is not useful because the decryption functionality is currently coupled with the userinfo method. This means that the user will need to implement the decryption step themselves, which is tricky and likely to increase integration time.

Proposed solution

Expose the decryption functionality as its own method so that RPs using standard libraries to integrate with custom OIDC providers can use them too.

@kwajiehao kwajiehao added the enhancement New feature or request label Mar 20, 2023
@kwajiehao kwajiehao self-assigned this Mar 27, 2023
@kwajiehao
Contributor Author

kwajiehao commented Apr 5, 2023

I was looking at some custom OIDC providers, and I thought I would log my research here.

PassportJS

PassportJS is an authentication middleware for node which can be dropped into any Express app. It includes 500+ strategies and includes a bunch of custom strategies for integrating with OAuth and OIDC identity providers like Google, Facebook, etc.

I looked at the OIDC and OAuth 2.0 strategies, but it seemed pretty opinionated on how authentication is being done - meaning that there is no room for us to insert the sgID decrypt step for the passport strategy to make sense of the data.

NextAuth

NextAuth is an authentication library for the NextJS framework. It also contains custom providers for integrating with major OIDC identity providers like Google or Facebook. There doesn't seem to be a general OAuth 2.0 or OIDC provider library - rather, you would need to write your own custom provider.

Conclusion

Actually, we don't necessarily need to expose the decryption step. For now, if we deem it necessary, we can just add custom strategies or providers to libraries like PassportJS and NextAuth.

Closing this issue and replacing it with one that explicitly mentions creating custom providers.

@LoneRifle
Contributor

Given we are trying to offer custom strategies for PassportJS now, would it make sense to shard out the decryption step into a package that is either public, or at least, accessible to both sgid-client and the proposed passport-sgid?
