I have an XWiki installation and have configured the OIDC Authenticator to work with Microsoft/Azure Entra ID. It works great for normal user SSO. Now I would like to be able to call the XWiki REST API with access tokens generated by Entra from another OAuth2-authenticated web application. Entra supports the on-behalf-of flow exactly for that purpose.
My web application is Web API A in the diagram and XWiki should be Web API B.
However, as I currently understand from reading the source and previous discussions, this flow doesn’t work. The XWiki OIDC Authenticator extension doesn’t check for bearer tokens and doesn’t validate them. The XWiki OIDC Provider extension checks for bearer tokens it itself issued and doesn’t support external providers.
What my use case requires is for the XWiki OIDC Authenticator extension to check for present bearer tokens, to parse them as JWT, and to validate them against its configured OIDC provider (Entra in my case).
Is this something that anyone has done with XWiki before? Did I miss anything? Would you like this use case covered by the XWiki OIDC contrib project? @tmortagne what do you think?
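The check the post asks for, sketched as an added example (not code from the post or from the XWiki OIDC contrib project): a resource server takes the bearer token from the `Authorization` header and validates it as a JWT with a pinned algorithm, issuer and audience, so a token issued for Web API A is rejected when presented to Web API B. It assumes the Nimbus JOSE+JWT library on the classpath; the class name, issuer, audience and the locally generated key (standing in for the provider's published JWKS) are constructed for illustration.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.proc.*;
import com.nimbusds.jwt.*;
import com.nimbusds.jwt.proc.*;
import java.util.*;

public class BearerJwtCheck {
    // Constructed values; a real deployment reads these from the provider's discovery document.
    static final String ISSUER = "https://idp.example/tenant-placeholder/v2.0";
    static final String AUDIENCE = "api://xwiki-example";

    /** Returns the validated claims, or throws if the header or the token is unacceptable. */
    static JWTClaimsSet authenticate(String authorization, JWKSet providerKeys) throws Exception {
        if (authorization == null || !authorization.regionMatches(true, 0, "Bearer ", 0, 7)) {
            throw new IllegalArgumentException("no bearer token");
        }
        DefaultJWTProcessor<SecurityContext> p = new DefaultJWTProcessor<>();
        // Pin the algorithm so a token cannot choose its own (e.g. "none" or HS256).
        p.setJWSKeySelector(new JWSVerificationKeySelector<SecurityContext>(
            JWSAlgorithm.RS256, new ImmutableJWKSet<SecurityContext>(providerKeys)));
        // Require our audience, an exact issuer match, and the presence of sub and exp.
        p.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<SecurityContext>(AUDIENCE,
            new JWTClaimsSet.Builder().issuer(ISSUER).build(),
            new HashSet<>(Arrays.asList("sub", "exp"))));
        return p.process(authorization.substring(7).trim(), null);
    }

    /** Test helper: signs a constructed token the way the provider would. */
    static String mint(RSAKey key, String aud) throws JOSEException {
        SignedJWT jwt = new SignedJWT(
            new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(key.getKeyID()).build(),
            new JWTClaimsSet.Builder().issuer(ISSUER).audience(aud).subject("alice")
                .expirationTime(new Date(System.currentTimeMillis() + 300_000)).build());
        jwt.sign(new RSASSASigner(key));
        return jwt.serialize();
    }

    public static void main(String[] args) throws Exception {
        RSAKey key = new RSAKeyGenerator(2048).keyID("k1").generate(); // stand-in provider key
        JWKSet jwks = new JWKSet(key.toPublicJWK());
        System.out.println(authenticate("Bearer " + mint(key, AUDIENCE), jwks).getSubject());
        try {
            authenticate("Bearer " + mint(key, "api://web-api-a"), jwks); // token meant for Web API A
        } catch (BadJWTException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```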