Set up WebHare as an OIDC identity provider

Robin Leenheer

Feb 13, 2025, 9:34:11 AM
to General WebHare developers discussion
I am trying to set up WebHare as an identity provider in a dev:blankjs module to enable login to another app using WebHare.

I followed the instructions on dev to set up the WRD as an identity provider, verified I can see JSON on the .wellknown/openid-configuration endpoint, and added the serviceprovider with callbackurl. Like what has been done in the test suite, I want to use the system:usermgmt schema as well.

I also added WRD Auth to the site profile, including the login page, like so:
```
wrdschema="system:usermgmt"
cachefields="wrd_fullname"
cookiename="webharelogin-coeihwafg89472rqgwhuifjlaeb982q4riqw"
lastloginfield="LASTLOGIN"
loginpage="currentsite::/" />
```

The login page is set up as follows:
```
<form id="loginform" class="wh-wrdauth__loginform" autocomplete="off" method="POST">
<input name="login" id="login" placeholder="login"><br>
<input name="password" id="password" placeholder="password" type="password"><br>
<input type="submit" id="loginbutton" value="Login">
</form>
```

In the main TypeScript file of the web design, I use the SetUpWRDAuth() function to add form functionality.

The steps above result in a working login form, but it does not redirect back to the other app to complete the login process.

Am I missing something? Should I avoid using SetUpWRDAuth() and use something else instead? Or am I supposed to implement my own authentication flow instead?

Arnold Hendriks

Feb 13, 2025, 5:57:15 PM
to General WebHare developers discussion, Robin Leenheer
Is the login page stuck with a wrdauth_logincontrol variable on the URL? This needs to be passed to the wrdauth plugin after login is completed.

If you're not using the wrdauth pages for login but are building your own login, you might need to still add something like (this is taken from the authpages)

```whlib
this->logincontrol := GetFormWebVariable("wrdauth_logincontrol");
IF (this->logincontrol != "")
  this->formcontext->GetWRDAuthPlugin()->ProcessReturnTo(this->logincontrol);
```

Arnold Hendriks

Feb 14, 2025, 4:37:46 AM
to General WebHare developers discussion, Arnold Hendriks, Robin Leenheer
Oh wait, you're not implementing the form submission of course but relying on submitLoginForm to do that. And that one doesn't bother with checking for any post-login flow. This part isn't in TS yet.

I'm going to look into this further, because it's also a case of 'too many ways to actually implement a login' and the test matrix is exploding if we also need to test OIDC flows separately against the WebHare Login, setupWRDAuth (JavaScript) login and WRDAuthPages.

Arnold Hendriks

Feb 21, 2025, 11:36:47 AM
to General WebHare developers discussion
Are you using the <form id="loginform" class="wh-wrdauth__loginform"> as a fullscreen login page? It was originally designed for 'login widgets', i.e. putting a login/password control on every page, e.g. in a sidebar.

That intent conflicts with OIDC usage as you would normally send users to a page specifically designed for logging in - but a login widget gives a user an opportunity to 'wander off' and do something else. (Though even a dedicated login page with any contact or terms link would risk that)

Would setting up the WRDAuthPages and pointing there work for you? WRDAuthPages also implement reset/forgot/change password use cases, and will add 2FA auth/setup in the near future.

Robin Leenheer

Feb 21, 2025, 12:37:23 PM
to General WebHare developers discussion, Arnold Hendriks
I initially used <form id="loginform" class="wh-wrdauth__loginform"> on the standard Witty page since the login page's placement doesn’t matter yet. 
Your suggestion to use the WRDAuth pages pointed me in the right direction. I got a working example by using the WRDAuth router, which I borrowed from the WebHare test suite code, on a custom file type and applying that file type to the login page of the WRDAuth plugin. 

```
<filetype namespace="http://idp.test/filetype/login" kind="virtualfile">
<dynamicexecution routerfunction="idp.whlib#WRDauthRouter" />
</filetype>
```
```whlib
PUBLIC OBJECT FUNCTION WRDAuthRouter(OBJECT webdesign)
{
  OBJECT page := GetWRDAuthPages(webdesign);

  RETURN page ?? NEW SimpleWebPage(PTR EmbedWittyComponent(Resolve("wrdauthtest.witty:wrdauthrouter"),
      [ wrdauthrouter := webdesign->GetWRDAuthPlugin()->GetWRDAuthRouterWittyData(webdesign->baseurl)
      ]));
}
```
