Page MenuHomeSoftware Heritage

Allow to login with OIDC Authorization Code Flow
Open, NormalPublic

Description

The Software Heritage web application should offer users to login based on the Authorization Code Flow from OpenID Connect.

Dedicated endpoints and Django authentication backend must be implemented to perform that task.

Event Timeline

anlambert triaged this task as Normal priority.Thu, Jan 23, 3:46 PM
anlambert created this task.

Today, the best solution seems to use the PKCE extension for the Authorization Code Flow as it enables to authenticate a user without having to store a client secret on the backend side.