Add support to the CHT api for new endpoint for OIDC login #9765

jkuester · 2025-01-29T23:24:07Z

The /medic/login/oidc endpoint should support GET requests with a code query param. The code should be the authorization_code coming from the OIDC Provider.
This is the endpoint the OIDC Provider should re-direct back to.
Add a new getOidc function in api/src/controllers/login.js that will handle the request and call through to code in the openid-client to validate the authorization_code.
For a good authorization_code, the OIDC Provider should return an id_token containing the username for the authenticated user.
Lookup the user's doc in _userand confirm oidc_provider value is set
Generate a Couch session cookie for user and respond with valid user session.
- This will require access to the Couch secret value which can be requested from the Couch instance. There is some code in the proxy auth PR that does this. I think we might be able to put that functionality for getting the secret into shared-libs/settings (or maybe that code is already sufficient for retrieving the secret value?).
Add integration tests for the login controller

The text was updated successfully, but these errors were encountered:

benkags · 2025-02-18T20:32:41Z

@jkuester please assign me this ticket

jkuester · 2025-02-18T20:36:30Z

jkuester added the Type: Feature Add something new label Jan 29, 2025

mrjones-plip mentioned this issue Feb 13, 2025

Single sign on using identity provider #9735

Open

jkuester assigned benkags Feb 18, 2025

Provide feedback