I'm implementing a custom PAS plugin providing authentication via OpenID Connect / OAuth2.
The result of the communication with the identity provider (Azure Active Directory/AAD) is, amongst other things, a set of user data:
- user id
- email address
The fullname has to be rendered in the Plone default UI elements - e.g. in personal bar viewlet.
It seems that the Plone default UI elements are using the portal membership tool to provide that kind of user information.
I have two ways in mind to meet the requirement: 1. Standard Plone user object, 2. Member properties storage in plugin object:
- Standard Plone user object
Provide a standard Plone user object corresponding to the user id given by the identity provider.
This could be done by adding a standard Plone user during initial authentication in the PAS plugin.
The PAS plugin should also ensure that the member data remains current - e.g. when the fullname of the user is modified in Active Directory.
- user/member properties are available in Plone default UI elements
- using standard Plone user objects results in a mix of users inside of the Plone user management: users managed in Plone itself and users managed by the AAD
- there is no requirement to log in AAD users via Plone default login using a password, there is no requirement to manage member data of AAD users in Plone itself, so there is no further reason to have that kind of 'full' representation of an AAD user in the application
- Store member properties in plugin object
Provide an OOBTree storage inside of the plugin object. User data are saved there during initial authentication.
Implementation of IPropertiesPlugin provides user properties.
- using a plugin storage is more lightweight than providing 'full' Plone user objects
- I have to expand Plone default UI elements to use user properties stored in the plugin
- is there a way to use user properties stored in the plugin without customizing Plone UI elements?
- is there a further solution I'm not aware of?
- are there some aspects of the 'Pros' and 'Cons' I'm not aware of?
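The plugin-storage option described above, as an added example that is not part of the original post and not Plone's own code: a plain-Python sketch of a store that copies an allowlisted set of claims from an already validated ID token and serves them through the `getPropertiesForUser(user, request=None)` method that `IPropertiesPlugin` defines. Assumptions: the class name, `remember_claims`, `DemoUser` and the sample claims are hypothetical, a `dict` stands in for the `OOBTree`, and token validation has already happened elsewhere in the plugin.

```python
# Assumption: OIDC standard claims mapped to Plone member property names.
# Only these claims are copied; everything else in the token is ignored.
CLAIM_TO_PROPERTY = {"name": "fullname", "email": "email"}


class OIDCPropertyStore:
    """Hypothetical sketch; a real plugin would subclass BasePlugin."""

    def __init__(self, storage=None):
        # A dict stands in for the OOBTree (same mapping interface).
        self._storage = {} if storage is None else storage

    def remember_claims(self, claims):
        """Store properties from claims of an already validated ID token."""
        user_id = claims.get("sub")
        if not isinstance(user_id, str) or not user_id:
            raise ValueError("validated claims must carry a non-empty 'sub'")
        props = {}
        for claim, prop in CLAIM_TO_PROPERTY.items():
            value = claims.get(claim)
            if isinstance(value, str) and value.strip():
                props[prop] = value.strip()
        # Replace the whole record so values the IdP no longer sends do not
        # linger, and write only on change to avoid a ZODB write per login.
        if self._storage.get(user_id) != props:
            self._storage[user_id] = props
        return user_id

    def getPropertiesForUser(self, user, request=None):
        """IPropertiesPlugin method: return a copy of the stored mapping."""
        return dict(self._storage.get(user.getId(), {}))


class DemoUser:
    """Constructed stand-in for a PAS user object (only getId is used)."""

    def __init__(self, user_id):
        self._id = user_id

    def getId(self):
        return self._id


if __name__ == "__main__":
    store = OIDCPropertyStore()
    # Constructed sample claims; 'roles' is deliberately not copied.
    store.remember_claims({"sub": "abc", "name": "Ada Lovelace",
                           "email": "ada@example.org", "roles": ["Manager"]})
    print(store.getPropertiesForUser(DemoUser("abc")))
```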