provide authentication method for confidential OAUTH flow (client_secret required) #4

Closed
AnalogJ opened this issue Sep 24, 2022 · 0 comments
Labels: documentation, enhancement, question

AnalogJ (Member) commented Sep 24, 2022

Epic, BlueButton, etc. require a client_secret.
Unfortunately, we need to provide a method to allow users to authenticate to these systems securely, without breaking the TOS for these providers.

This means:

  • that provider client id and secret must stay on the server, and must not be sent to the user.
  • NOTE: this means that the user's access token/refresh token will be "available" to the Fasten Lighthouse (temporarily) before it is retrieved by the user. This may concern users, so we should notify them BEFORE they start the auth flow for these providers.
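
One way to meet both points above, as an added example that is not part of the issue or of Fasten's code: the code-for-token exchange is built server-side so the client_secret travels only to the provider, and the returned tokens are held under the OAuth state value for a single, short-lived retrieval. The `Relay` type, its methods, the example URLs and the use of HTTP Basic client authentication (RFC 6749 section 2.3.1) are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
	"sync"
	"time"
)

// Relay is a hypothetical server-side helper (not Fasten's code); the secret stays here.
type Relay struct {
	ClientID, ClientSecret, TokenURL string
	pending                          sync.Map // OAuth state -> held
}
type held struct{ tokens []byte; expires time.Time }

// ExchangeRequest builds the code-for-token call; the secret is only in its Basic header.
func (r *Relay) ExchangeRequest(code, redirect string) (*http.Request, error) {
	form := url.Values{"grant_type": {"authorization_code"}, "code": {code}, "redirect_uri": {redirect}}
	req, err := http.NewRequest(http.MethodPost, r.TokenURL, strings.NewReader(form.Encode()))
	if err == nil {
		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
		req.SetBasicAuth(r.ClientID, r.ClientSecret)
	}
	return req, err
}

// Hold keeps the provider's token response until the user fetches it or ttl passes.
func (r *Relay) Hold(state string, tokens []byte, ttl time.Duration) {
	r.pending.Store(state, held{tokens, time.Now().Add(ttl)})
}

// Take hands the tokens over once; the entry is deleted even if it has expired.
func (r *Relay) Take(state string) ([]byte, bool) {
	v, ok := r.pending.LoadAndDelete(state)
	if !ok || time.Now().After(v.(held).expires) {
		return nil, false
	}
	return v.(held).tokens, true
}

func main() {
	r := &Relay{ClientID: "demo-id", ClientSecret: "demo-secret", TokenURL: "https://provider.example/token"}
	r.Hold("state-1", []byte(`{"access_token":"constructed"}`), time.Minute)
	tokens, ok := r.Take("state-1")
	fmt.Printf("%s %v\n", tokens, ok)
}
```

A second `Take` for the same state returns nothing, so the relay's copy of the tokens exists only between the provider callback and the user's first fetch.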