Refactor & fully implement SCIM 2.0 specification #15830

Open
0 of 1 issue completed
Feature
@Emyrk

Description

Coder supports SCIM as a premium feature: https://coder.com/docs/admin/users/oidc-auth#scim-enterprise-premium

The goal of SCIM is to push user updates from an IdP into Coder. This allows Coder to stay in sync with the IdP without requiring the user to log in with claims.

The current implementation was implemented to an MVP state, specifically to work with Okta cloud. Over time, as more customers try to use SCIM, it is clear the MVP implementation is insufficient and fragile.

Fragility concerns:

  • We do not parse the schema types from requests, so we accept 1.0, 1.1, and 2.0 requests, all of which look different. Because of how Golang JSON unmarshals, these errors could be silent and cause unexpected behavior.
  • Our PATCH endpoint is not 2.0 compliant. Given this works with Okta cloud, either Okta cloud is sending 1.0 request payloads, or using the PUT endpoint request in the PATCH payload?!
  • Our user updates only support changing the user status, not groups, orgs, or roles.

This refactor should implement SCIM as a library if possible, and implement the protocol specification as defined here: https://datatracker.ietf.org/doc/html/rfc7644
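The silent-unmarshal concern in the first bullet, shown as an added example (not Coder's code and not part of the original issue): a loose decode accepts a SCIM 2.0 PatchOp body without error and yields a zero-value user, while a strict decoder that checks `schemas` rejects the mismatch. The struct and function names are hypothetical, the sample bodies are constructed, and requiring exactly one `schemas` entry is this example's choice.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Constructed sample bodies plus the PATCH message URN from RFC 7644 section 3.5.2.
const (
	patchOpSchema = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
	patch20       = `{"schemas":["` + patchOpSchema + `"],"Operations":[{"op":"replace","path":"active","value":false}]}`
	user11        = `{"schemas":["urn:scim:schemas:core:1.0"],"userName":"alice","active":true}`
)

// looseUser is a hypothetical handler struct, not Coder's type.
type looseUser struct {
	UserName string `json:"userName"`
	Active   bool   `json:"active"`
}

type patchRequest struct {
	Schemas    []string `json:"schemas"`
	Operations []struct {
		Op, Path string
		Value    json.RawMessage
	} `json:"Operations"`
}

// decodeLoose: json.Unmarshal drops unknown keys, so a PatchOp body "succeeds".
func decodeLoose(body []byte) (u looseUser, err error) {
	err = json.Unmarshal(body, &u)
	return
}

// decodePatch rejects unknown fields and bodies that do not declare PatchOp.
func decodePatch(body []byte) (req patchRequest, err error) {
	dec := json.NewDecoder(bytes.NewReader(body))
	dec.DisallowUnknownFields()
	if err = dec.Decode(&req); err != nil {
		return req, fmt.Errorf("not a PatchOp body: %w", err)
	}
	if len(req.Schemas) != 1 || req.Schemas[0] != patchOpSchema || len(req.Operations) == 0 {
		return req, fmt.Errorf("want schemas [%s] and at least one operation", patchOpSchema)
	}
	return req, nil
}

func main() { fmt.Println(decodePatch([]byte(user11))) }
```

With the loose decoder, the PatchOp body comes back as `looseUser{}` with `Active == false` and a nil error, which a handler cannot tell apart from an explicit request to deactivate the user.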

Labels

  • api: Area: HTTP API
  • needs-rfc: Issues that need an RFC due to an expansive scope and unclear implementation path.
  • s2: Broken use cases or features (with a workaround). Only humans may set this.
