OAuth Server and Default Callback Support #246
Comments
|
Related to issue #100 which adds the basic client callback support in libcups. |
|
Okay so by authorization you mean when we open the localhost:631 it asks for username and password of the machine there we have to add authorization? |
|
@ShivanshCharak No, this is to integrate support for using OAuth/OpenID with CUPS - on the client side to open a browser window to authorize access, and on the server (cupsd) side to "introspect" the access token to get the authorized user name. In short, an alternative to the usual username + password stuff. |
|
It's easier to manage from security perspective by allowing having a single identity per employee and auditing (SAML is a good example, think about controlling the paper type and color/b&w centrally in that case). |
|
@michaelrsweet okay so you mean by using openid we have to do Authorization by poping up the window there we have to give our detail like email or password and by using tge system will give us access |
|
@ShivanshCharak I appreciate the enthusiasm! We are finalizing some OAuth things over in the Printer Working Group now, and I hope to post an initial document for discussion this week (I'll add a link here). Aside from the logistics of what bits of OAuth/OpenID to support, there are also a bunch of security things to think about in implementation to prevent arbitrary programs from collecting access tokens. |
|
OK, so I've been noodling some things for how to implement this:
For GUI applications, the CPDB UI will need to handle bringing up the OAuth authorization page and collecting the bearer token. |
This bug is a placeholder for adding OAuth server support to cupsd and figuring out the right default callbacks on different platforms.
The text was updated successfully, but these errors were encountered: