Feature proposal - be able to swap the ID provider for a SCIM-compliant IdP
Context
As discussed today with @maarten, we'll apply to an NGI fund, and as part of our proposal, we'll include Stackspin.
k8s.libre.sh / IndieHosters stack
Our collaboration stack is basically composed of:
- Keycloak
- Nextcloud
- RocketChat
We currently don't have a dashboard to manage apps, users and groups.
We are seriously considering using the Stackspin UI (the React app and the Flask backend) to do that.
Problem space
Currently the Stackspin dashboard works with the Kratos IdP, and you log in to the dashboard through Hydra.
We at IndieHosters use Keycloak for both tasks.
How do we make the Stackspin dashboard compatible with Keycloak?
Proposed solution
Login (estimation 3 weeks)
First we need to make stackspin UI compatible with another OpenID Connect client. This would mean:
- make it configurable to use hydra or another OpenID Connect provider
- be able to configure it
The logic for this task is available here.
User provisioning (estimation 3 weeks)
Currently it uses the Kratos provisioning API. The idea is to make this configurable so that any SCIM service provider can be used to provision the users. SCIM is an emerging IETF standard for user provisioning.
In terms of implementation, it would mean reimplementing the UserService class.
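A sketch of what a SCIM 2.0 backed user service could look like, added here as an illustration and not taken from Stackspin's code base. The class name `ScimUserService`, its method names, the `http_transport` helper and the base URL and bearer token it takes are all hypothetical; only the schema URNs, the `/Users` endpoint, the filter syntax and the PatchOp shape come from the SCIM RFCs (7643/7644).

```python
import json
import urllib.request
from urllib.parse import quote

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


def http_transport(base_url, token):
    """Return a send(method, path, body) callable for a real SCIM endpoint."""
    def send(method, path, body=None):
        req = urllib.request.Request(
            base_url.rstrip("/") + path, method=method,
            data=json.dumps(body).encode() if body is not None else None,
            headers={"Authorization": f"Bearer {token}",
                     "Content-Type": "application/scim+json"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            raw = resp.read()
            return json.loads(raw) if raw else {}
    return send


class ScimUserService:
    """Hypothetical stand-in for the dashboard's UserService, backed by SCIM."""

    def __init__(self, send):
        self.send = send  # injected so the IdP (or a test fake) can be swapped

    def find_by_username(self, username):
        # Escape backslash and quote so a username cannot alter the filter.
        safe = username.replace("\\", "\\\\").replace('"', '\\"')
        path = "/Users?filter=" + quote(f'userName eq "{safe}"')
        return self.send("GET", path).get("Resources", [])

    def create(self, username, email, display_name):
        if self.find_by_username(username):
            raise ValueError(f"user {username!r} already exists")
        return self.send("POST", "/Users", {
            "schemas": [USER_SCHEMA], "userName": username,
            "displayName": display_name, "active": True,
            "emails": [{"value": email, "primary": True}]})

    def deactivate(self, user_id):
        # Offboarding: disable the account instead of deleting it.
        return self.send("PATCH", f"/Users/{quote(user_id, safe='')}", {
            "schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "replace", "path": "active", "value": False}]})
```

Because the transport is injected, the same class can point at Keycloak (through a SCIM extension) or any other SCIM service provider, and can be unit-tested without a running IdP.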