Feature proposal - be able to swap ID provider for a SCIM-compliant IdP

Context

As discussed today with @maarten, we'll apply to an NGI fund, and as part of our proposal, we'll include Stackspin.

k8s.libre.sh / IndieHosters stack

Our collaboration stack is basically composed of:

  • Keycloak
  • Nextcloud
  • RocketChat

We currently don't have a dashboard to manage apps, users and groups.

We are seriously considering using the Stackspin UI (the React app and the Flask backend) to do that.

Problem space

Currently the Stackspin dashboard works with the Kratos IdP, and you log in to the dashboard through Hydra.

We at IndieHosters use Keycloak for both tasks.

How do we make the Stackspin dashboard compatible with Keycloak?

Proposed solution

Login (estimation 3 weeks)

First we need to make stackspin UI compatible with another OpenID Connect client. This would mean:

  • make it configurable to use hydra or another OpenID Connect provider
  • be able to configure it

The logic for this task is available here.

User provisioning (estimation 3 weeks)

Currently it is using the Kratos provisioning API. The idea is to make this configurable to be able to use any SCIM service provider to provision the users. SCIM is an emerging IETF standard for user provisioning.

In terms of implementation, it would mean reimplementing the UserService class.

Edited by Maarten de Waard
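A sketch of what a SCIM 2.0 backed user service could look like, added here as an example and not taken from the Stackspin code base. The class name `ScimUserService`, its method names, the injected `send` callable, the `fake_scim` test double and the `idp.example` URL are all assumptions; the real UserService interface is not shown in this issue.

```python
import json
from urllib.parse import quote, unquote

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

class ScimUserService:
    """Hypothetical stand-in for the dashboard's UserService, speaking SCIM 2.0."""
    def __init__(self, base_url, token, send):
        # send(method, url, headers, body) -> (status, parsed JSON); injected so
        # a real HTTP client or a test double can be plugged in.
        self.base_url = base_url.rstrip("/")
        self.headers = {"Authorization": f"Bearer {token}",
                        "Content-Type": "application/scim+json"}
        self.send = send

    def _call(self, method, path, body=None, ok=200):
        status, data = self.send(method, self.base_url + path, self.headers, body)
        if status != ok:
            raise RuntimeError(f"SCIM {method} {path} failed with {status}")
        return data

    def find_by_username(self, username):
        # SCIM filter values follow JSON string rules, so json.dumps quotes and
        # escapes the input and it cannot break out of the filter expression.
        flt = quote(f"userName eq {json.dumps(username)}")
        found = self._call("GET", f"/Users?filter={flt}").get("Resources", [])
        return found[0] if found else None

    def create_user(self, email, display_name):
        if self.find_by_username(email):
            raise ValueError("user already exists")
        body = {"schemas": [USER_SCHEMA], "userName": email, "displayName": display_name,
                "emails": [{"value": email, "primary": True}], "active": True}
        return self._call("POST", "/Users", body, ok=201)

    def deactivate_user(self, user_id):
        # Disable instead of deleting: the record stays, the account is inactive.
        body = {"schemas": [PATCH_SCHEMA],
                "Operations": [{"op": "replace", "path": "active", "value": False}]}
        return self._call("PATCH", f"/Users/{quote(user_id, safe='')}", body)

def fake_scim(store):
    """Constructed in-memory SCIM endpoint, used only to run the example offline."""
    def send(method, url, headers, body):
        if method == "GET":
            expr = unquote(url.split("filter=", 1)[1])
            name = json.loads(expr[len("userName eq "):])
            return 200, {"Resources": [u for u in store.values() if u["userName"] == name]}
        if method == "POST":
            user = dict(body, id=str(len(store) + 1))
            store[user["id"]] = user
            return 201, user
        user = store[url.rsplit("/", 1)[1]]
        user["active"] = body["Operations"][0]["value"]
        return 200, user
    return send
```

Because the transport is injected, the same class can be pointed at any SCIM service provider by passing a `send` function that wraps a real HTTP client.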