...
If we decide to host our own IdP, we'll need to select from the available open-source identity providers (below), and we will still need to handle authentication and authorization into our service.
Requirements
In priority order:
- Sign-up and approval
- Authentication
- Password management
- OAuth support
- Ability to manage users and groups
- Login, forgot password, password reset
- Sign-up and approval workflow
- OAuth support
Prototype
Open issues
- Do we need to run our own IdP?
- Is token authentication for CLI OK?
Simple flow
- Sign-up with GitHub
- User approves access to NDS Labs
- Create account (unapproved)
- An account record is created for user
- Implement OAuth in API server or other OAuth sample SP
- Implement WSO2 IdP with custom login (InfoRecoverySample)
- Federated authenticator with GitHub?
OAuth 2.0 overview
https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
...