3
 Followers
12
 Likes

Make OAuth 2.0 a first-class citizen

Integration
New

A lot of people are using the IDP Forge component to provide authentication via OAuth 2.0 providers like Azure AD, Google or Okta. The problem with this is that it only has community based support, no build-in methods for protecting own build API's or being able to authenticate with external API Endpoints protected with OAuth 2.0.

I think we need to have IDP (or something alike) to be integrated within Outsystems and be support by Outsystems . It should also be made an authentication option for all assets that now can be protected with the build-in authentication methods (like screens and APIs). Also authenticating to other assets protected with OAuth 2.0 should be a native capability.

Created on 24 Jan 2019
Comments (4)

Changed the category to Integration


Fully agree with Vincent

For end-users authentication we now have Active Directory and LDAP, I am really missing Azure AD. 

Hi Vicent,


Since 2 days ago OutSystems supports SAML 2.0 authentication for end-users, enabling easy configuration for any IdP provider that supports this protocol.

We have also some accelerators and specific documentation for AzureAD and Okta. Take a look on the latest documentation.

We are assessing the OAuth need and use case so that we can also address this protocol.


Thanks for the feedback.

Hi Fernando, 

Thanks for the update. I already noticed this addition in the patch notes and we will upgrade soon to take advantage of this (not to mention the addition of React Web!) :). 

To give some insight on why we also need OAuth 2 authentication in addition to SAML. With OAuth 2 we can retrieve autentication tokens for APIs in the user context. We have several hundred API's in place that we need to consume somewhere in Q1-Q2 2020 in planned applications, by having this implemented natively instead of via the forge we know we get a solid and supported implementation of this protocol. 

We would also like to protect our exposing REST from OutSystems with OAuth to have better manageable authorization platform that is inline with company standards. 

views
307
Followers
3