
Clarifying question: Adding custom persistence layer for a custom oidc impl

Open curiousdev opened this issue 4 years ago • 4 comments

I'm working on an oidc implementation, whereby I need to override the persistence interfaces -- custom lookup for User info.

Looking at the src, I've identified the relevant contracts I would need to implement.

What's your recommended way of getting them loaded via Startup.cs? The examples I'm finding directly reference the InMemory implementations.

ICommandRepository.cs                  
IOAuthClientQueryRepository.cs          
IOAuthUserQueryRepository.cs
IJsonWebKeyCommandRepository.cs         
IOAuthScopeCommandRepository.cs        
IJsonWebKeyQueryRepository.cs           
IOAuthScopeQueryRepository.cs
IOAuthClientCommandRepository.cs        
IOAuthUserCommandRepository.cs

One idea I had would be to manually unregister the InMemory types and register my custom ones, and invoke this at the very end of Startup.cs.

curiousdev, Feb 23 '21 22:02

Hello,

You can follow the same architecture used by SCIM : 'SimpleIdServer.Scim.Persistence.EF' (https://github.com/simpleidserver/SimpleIdServer/tree/master/src/Scim/SimpleIdServer.Scim.Persistence.EF):

  • Create a class project.
  • Implement each repository.
  • Add an extension method to register your dependencies.

simpleidserver, Feb 24 '21 15:02
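
The registration step discussed above (swap the in-memory store for a custom one through an extension method called from Startup.cs), as an added example that is not from the thread or the SimpleIdServer code base. The interface is a stand-in declared here so the file compiles on its own; its member `FindDisplayName`, the two repository classes and `AddCustomOAuthPersistence` are hypothetical names.

```csharp
using System;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;

// Stand-in for the library contract so this file compiles on its own.
// The member is hypothetical; implement the real interface's members instead.
public interface IOAuthUserQueryRepository
{
    string FindDisplayName(string subject);
}

// Stand-in for the default in-memory registration the samples make.
public sealed class InMemoryUserQueryRepository : IOAuthUserQueryRepository
{
    public string FindDisplayName(string subject) => "in-memory:" + subject;
}

// Custom store (hypothetical); a real one would query your user database.
public sealed class CustomUserQueryRepository : IOAuthUserQueryRepository
{
    public string FindDisplayName(string subject) => "custom:" + subject;
}

public static class CustomPersistenceExtensions
{
    // Call after the library's own registration so the defaults already exist.
    public static IServiceCollection AddCustomOAuthPersistence(this IServiceCollection services)
    {
        // RemoveAll drops every earlier registration of the contract, so no
        // in-memory store stays resolvable through IEnumerable<T>.
        services.RemoveAll<IOAuthUserQueryRepository>();
        services.AddScoped<IOAuthUserQueryRepository, CustomUserQueryRepository>();
        return services;
    }
}

public static class Program
{
    public static void Main()
    {
        var services = new ServiceCollection();
        // Simulated default registration, standing in for the library's setup call.
        services.AddSingleton<IOAuthUserQueryRepository, InMemoryUserQueryRepository>();
        services.AddCustomOAuthPersistence();

        using var provider = services.BuildServiceProvider(validateScopes: true);
        using var scope = provider.CreateScope();
        var repo = scope.ServiceProvider.GetRequiredService<IOAuthUserQueryRepository>();
        Console.WriteLine(repo.GetType().Name);
    }
}
```

Choose the lifetime to match the services that consume the repository: a scoped repository injected into a singleton fails scope validation, so check how the consuming services are registered before switching from singleton to scoped.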

Can you use the same users in the SCIM repository for OpenID? How could that be achieved?

luismdelgado, May 06 '21 14:05

Hello,

The SCIM2.0 API is used as a provisioning / deprovisioning service. When a user is created, it should also be replicated into the OPENID server. Therefore the OPENID server has its own database and should not use the SCIM DB. I'm going to update the SCIM project to raise events when User / Groups are added, updated, removed etc... In the future it will be possible to subscribe to events in order to create / remove users from the OPENID server.

When a user is added in the OPENID server, the scim_id & scim_location should be stored and returned in the id_token (when the scope "scim" is used both claims are returned in the id_token). The client must use the claim "scim_location" to get user information from SCIM2.0 API.

simpleidserver, May 06 '21 19:05

The SCIM2.0 API has been updated in the branch "release/1.2.2". Now you can subscribe to external events like "RepresentationAddedEvent", "RepresentationUpdatedEvent" and "RepresentationRemovedEvent". The project "SimpleIdServer.Scim.Startup" is configured to consume external events & the class "IntegrationEventConsumer" should contain the logic to add users into OpenID.

The logic to consume events and populate the OpenID database can be externalised into a Windows service.

simpleidserver, May 07 '21 13:05