I’m trying to implement the new OIDC login feature with my Rails app as an OP. The OP is implemented using the doorkeeper_openid-connect gem and enforces the discovery feature.
Zammad correctly finds the auth endpoints thanks to the /.well-known/openid-configuration endpoint, but the request is rejected by my OP as it lacks a client_secret parameter.
Is there a way to configure the client-secret in Zammad?
This sounds like a must-have feature request if it isn’t already in the works. I’m trying to configure Okta OIDC auth in Zammad, similar to how we auth WordPress, but I’m not having any luck since I can’t set the keys.
Is there a way now or in the future to set environment variables like in the Example configuration for omniauth_openid_connect?
Like already mentioned by @fliebe92, this is currently not possible. But for sure, this was the first step of the implementation, and the focus was on the easiest way of configuration.
For the first implementation, it makes total sense to go for the easiest way of configuration!
But I also agree with @Mk1DzL, it’s going to be a huge blocker for most OAuth2 providers. Would you be open to a PR if the community wants to add support for such configuration?
Hey @fliebe92 @dominikklein, you might have missed my latest message: would you be open to a PR to enhance support for OpenID Connect in Zammad? It’s a wonderful piece of software, and we would be happy to contribute if that can help the community.
Hi @marieglr. Unfortunately not, the pipeline was full of other stuff.
What we definitely need is a way to make the admin interface more dynamic; the OIDC config contains too many fields (in case discovery is not used). Still thinking about it.