[QA] admin cannot login, when basic_auth_guest_only is true

Question

[QA] admin cannot login, when basic_auth_guest_only is true

jnweiger opened this issue 2 years ago · 8 comments

jnweiger commented 2 years ago

Seen while testing openidconnect 2.2.0-rc.6 with core 10.11.0

Restrict basic auth to guests only: occ config:system:set openid-connect.basic_auth_guest_only --value true --type boolean
Try to log in the admin user with basic auth.
An error occurs. BAD

Expected behaviour:

admin can always log in.

Answer 1 · 2022-10-04T22:58:25.000Z

Works as designed. Only guests 🤷

Answer 2 · 2022-11-18T09:41:59.000Z

I suggest to revert #253 and get this release rolling.

We have customers waiting for other features of this release.

@jvillafanez @hodyroff @jnweiger objections

Answer 3 · 2022-11-18T10:07:37.000Z

#265 would fix this, but we need to decide what to do with the feature as a whole

Answer 4 · 2022-11-18T10:31:36.000Z

Absolutly

blocking/allowing guest login is not the responsibility of the openid connect app from my pov
adding yet another config switch #265 might be a bit overkill - only one customer is requesting this feature
lack of decision making is blocking other customers

Answer 5 · 2022-11-18T10:38:34.000Z

revert pr created ...... so that we are prepares once the decision is there ..... #268

Answer 6 · 2022-11-24T09:41:27.000Z

I agree with the revert and move everything to work with groups. #265 could carry guests and admin group to fix my case.
The naming of the key in #265 is weird then and should be simplified.