Refactor & fully implement SCIM 2.0 specification #15830
Comments
|
It seems like many SCIM 2.0 providers are working with Coder and our documentation claims to be SCIM 2.0 compatible. Suggested course of action:
Given many providers do not support all SCIM 2.0 features, I think we should bias towards clarity versus parity/compliance in the first pass. Better to communicate current state and reduce confusion before undergoing a larger refactor. Bringing this into our first sprint next year. |
|
Not sure if we have capacity for this in this sprint, but want to reiterate that "p1" (which can be extracted to a smaller issue) is ensuring our docs reflect the current behavior and documenting any edge cases and workarounds that may impact users. Then p2 is finding ways for us to have clearer support for the spec, by referencing what other vendors do to support this. |
Coder supports SCIM as a premium feature: https://coder.com/docs/admin/users/oidc-auth#scim-enterprise-premium
The goal of SCIM is to push user updates from an IdP into Coder. This allows Coder to stay in sync with the IdP without requiring the user to log in with claims.
The current implementation was implemented to a MVP state, specifically to work with Okta cloud. Over time, as more customers try and use SCIM, it is clear the MVP implementation is insufficient, and fragile.
Fragility concerns:
PATCHendpoint is not 2.0 compliant. Given this works with Okta cloud, either Okta cloud is sending 1.0 request payloads, or using the PUT endpoint request in the PATCH payload?!This refactor should implement SCIM as a library if possible, and implement the protocol specification as defined here: https://datatracker.ietf.org/doc/html/rfc7644
The text was updated successfully, but these errors were encountered: