OpenID Connect (OIDC) / OAuth2 authentication solution for DFC (and maybe more)

Alright so we had a chat today with @paco who helped me to have a clearer understanding of which authentication methods are used today within OFN and which options are possible.

Maybe it’s not 100% the correct place to document this, we can move this to another thread once we are clear on the next steps.

What authentication methods are currently used by OFN? If I understood correctly:

OAuth2 and OpenID Connect (OIDC) are two complementary standards: yet, while OpenID Connect is based on OAuth2 and cannot work without it, OAuth2 can be implemented alone.

When using OAuth2 or OpenID Connect, you need to use a server that will handle the authentication. If I got it right, Doorkeeper is basically an authentication server. For DFC work, so far we are using an OIDC server hosted by lescommuns.org. The main reason was that lescommuns.org and DFC shared similar values.

DFC documentation on this can be found here: OIDC Authentication · datafoodconsortium/dfc-prototype-V3 Wiki · GitHub

Microsoft, Apple and Google are already providing OIDC services (see this list), so if one day we want to add a google connect or equivalent as a login option to OFN, it will be possible. It’s out of the scope right now, but as we are only at the inception level, it might be good to keep this use case in mind. That being said this use case can also be applied with OAuth2 alone.

Anyway, my conclusion on this so far is that we need to have a clear view on how to approach the authentication method topic within OFN (what’s used to login, what’s used for the REST API), and from there how to deal with it when working on the DFC connector which requires OIDC.

Maybe the best would be to start with a dev spike? @lin_d_hop does that sound like an interesting starting point in the API roadmap?
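To make the OAuth2 vs. OpenID Connect distinction from the post concrete, here is an added Ruby example; it is not OFN, Doorkeeper or DFC code. It models a plain OAuth2 token response (an opaque bearer token that grants API access but proves nothing about the user) next to an OIDC token response (the same thing plus a signed `id_token` carrying identity claims), and shows the checks a relying party such as a DFC connector must make before trusting that ID token. The issuer, client id and secret are constructed values, and signing uses HS256 with a shared secret for self-containment; real providers publish RS256 keys via JWKS and the issuer/client values come from their discovery document and client registration.

```ruby
require 'json'
require 'base64'
require 'openssl'
require 'securerandom'

# Constructed values for this example; a real deployment gets them from the
# identity provider's discovery document and client registration.
ISSUER    = 'https://idp.example.test'
CLIENT_ID = 'ofn-dfc-connector-demo'
SECRET    = 'constructed-demo-secret' # HS256 shared secret (assumption; real IdPs use RS256 + JWKS)

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def b64url_decode(str)
  Base64.urlsafe_decode64(str)
end

# Constant-time byte comparison so the signature check does not leak timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Plain OAuth2: the authorization server (Doorkeeper, in OFN's case) hands the client
# an opaque bearer token. It grants access to an API but carries no verifiable identity.
def oauth2_token_response
  { 'access_token' => SecureRandom.hex(16), 'token_type' => 'Bearer', 'expires_in' => 3600 }
end

def sign_jwt(claims, secret: SECRET)
  header = { 'alg' => 'HS256', 'typ' => 'JWT' }
  signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(claims))}"
  "#{signing_input}.#{b64url(OpenSSL::HMAC.digest('SHA256', secret, signing_input))}"
end

# OIDC: the same OAuth2 response plus an id_token, a signed JWT with identity claims.
# This is the layer OIDC adds on top of OAuth2, which is why it cannot exist without it.
def oidc_token_response(subject:, nonce:, now: Time.now.to_i)
  claims = { 'iss' => ISSUER, 'sub' => subject, 'aud' => CLIENT_ID,
             'iat' => now, 'exp' => now + 300, 'nonce' => nonce }
  oauth2_token_response.merge('scope' => 'openid', 'id_token' => sign_jwt(claims))
end

# What a relying party (e.g. a DFC connector) must verify before trusting an id_token.
# Raises on any failure; returns the verified claims on success.
def verify_id_token(token, expected_nonce:, now: Time.now.to_i, secret: SECRET)
  h, p, s = token.split('.')
  raise 'malformed token' unless h && p && s
  header = JSON.parse(b64url_decode(h))
  # Pin the algorithm; never let the token itself decide how it is verified.
  raise 'unexpected alg' unless header['alg'] == 'HS256'
  expected_sig = OpenSSL::HMAC.digest('SHA256', secret, "#{h}.#{p}")
  raise 'bad signature' unless secure_equal?(expected_sig, b64url_decode(s))
  claims = JSON.parse(b64url_decode(p))
  raise 'wrong issuer'   unless claims['iss'] == ISSUER
  raise 'wrong audience' unless claims['aud'] == CLIENT_ID
  raise 'token expired'  unless claims['exp'].is_a?(Integer) && now < claims['exp']
  raise 'nonce mismatch' unless claims['nonce'] == expected_nonce
  claims
end

if __FILE__ == $PROGRAM_NAME
  resp = oidc_token_response(subject: 'user-42', nonce: 'abc123')
  puts "OAuth2-only response carries an id_token? #{oauth2_token_response.key?('id_token')}"
  puts "OIDC verified subject: #{verify_id_token(resp['id_token'], expected_nonce: 'abc123')['sub']}"
end
```

The point of the verification function is the part a spike would need to get right regardless of which library ends up doing it: signature, issuer, audience, expiry and nonce are all checked, and a token whose payload is altered, whose nonce does not match the login request, or whose expiry has passed is rejected.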