Required for NFDI to connect to https://doc.nfdi-aai.de/infraproxy/:
See https://www.passportjs.org/packages/passport-openidconnect/ and https://www.passportjs.org/packages/openid-client/ for libraries to implement. Likely requires extension of the UI as well so users can check what personal information is stored in login server. (see Infrastructure Attribute Policy (IAP) at https://doc.nfdi-aai.de/policies/#nfdi-policies).
Requires a new openidconnect strategy to be implemented. Setting would be like
{
"id": "infraproxy",
"strategy": "openidconnect",
"name": "NFDI AAI",
"options": {
"clientID": "...",
"clientSecret": "...",
"configuration": "https://infraproxy.nfdi-aai.dfn.de/.well-known/openid-configuration"
},
"image": "...nfdi-logo...",
"url": "https://www.nfdi-aai.de/"
}
callback URL / redirect_uri would then be $base/login/infraproxy/return, e.g.
For testing & development maybe the test server https://www.openidconnect.net/ and/or a server implementation such as https://github.com/psteniusubi/oidc-tester can help.
If basic authentication via OpenID Connect works, add #121 to get selected claims such as affiliation.
Required for NFDI to connect to https://doc.nfdi-aai.de/infraproxy/:
See https://www.passportjs.org/packages/passport-openidconnect/ and https://www.passportjs.org/packages/openid-client/ for libraries to implement. Likely requires extension of the UI as well so users can check what personal information is stored in login server. (see Infrastructure Attribute Policy (IAP) at https://doc.nfdi-aai.de/policies/#nfdi-policies).
Requires a new
openidconnectstrategy to be implemented. Setting would be like{ "id": "infraproxy", "strategy": "openidconnect", "name": "NFDI AAI", "options": { "clientID": "...", "clientSecret": "...", "configuration": "https://infraproxy.nfdi-aai.dfn.de/.well-known/openid-configuration" }, "image": "...nfdi-logo...", "url": "https://www.nfdi-aai.de/" }callback URL /
redirect_uriwould then be$base/login/infraproxy/return, e.g.For testing & development maybe the test server https://www.openidconnect.net/ and/or a server implementation such as https://github.com/psteniusubi/oidc-tester can help.
If basic authentication via OpenID Connect works, add #121 to get selected claims such as affiliation.