OAuth 2.0 Investigation - DRAFT

Overview

The Core Platform team has decided to take a closer look at adopting OAuth2 instead of continuing to implement its own authorization/authentication model.  This page serves as a place to capture relevant information, facilitate discussion, and document decisions.

Goals

  • Have agreement on a design by June 26

Background / Links

Authentication

OAuth2 supports the password and refresh_token grant types, which more or less align with our current authentication model.  FOLIO can always expand the set of grant types it supports later, but starting with these two allows for a relatively low barrier to entry on the authentication side of things.
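
As an added illustration (not FOLIO code and not part of the original page), here is a minimal token endpoint that handles only the two grant types named above, using the request parameters and response fields from RFC 6749 sections 4.3, 5 and 6. The in-memory user store, the token lifetimes, the token_endpoint name and the single-use refresh-token rotation are assumptions; client authentication is left out.

```python
import hashlib, hmac, secrets, time

# Constructed sample data (assumption): one user with a PBKDF2-hashed password.
_SALT = b"constructed-salt"
def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
USERS = {"alice": _hash("correct horse")}
REFRESH_TOKENS = {}  # refresh token -> (username, expiry in epoch seconds)
ACCESS_TTL, REFRESH_TTL = 600, 86400  # assumed lifetimes, in seconds

def _issue(username, now):
    """Build a successful access token response (RFC 6749 section 5.1)."""
    refresh = secrets.token_urlsafe(32)
    REFRESH_TOKENS[refresh] = (username, now + REFRESH_TTL)
    return 200, {"access_token": secrets.token_urlsafe(32),
                 "token_type": "Bearer",
                 "expires_in": ACCESS_TTL,
                 "refresh_token": refresh}

def token_endpoint(form, now=None):
    """Handle an already-parsed application/x-www-form-urlencoded token request."""
    now = time.time() if now is None else now
    grant = form.get("grant_type")
    if grant is None:
        return 400, {"error": "invalid_request"}
    if grant == "password":  # RFC 6749 section 4.3
        stored = USERS.get(form.get("username", ""))
        # Hash before the lookup result is checked, so unknown users cost the
        # same work, and return one error for "no such user" and "bad password".
        supplied = _hash(form.get("password", ""))
        if stored is None or not hmac.compare_digest(stored, supplied):
            return 400, {"error": "invalid_grant"}
        return _issue(form["username"], now)
    if grant == "refresh_token":  # RFC 6749 section 6
        # pop() makes each refresh token single-use: a replayed token fails.
        username, expiry = REFRESH_TOKENS.pop(form.get("refresh_token", ""), (None, 0))
        if username is None or expiry < now:
            return 400, {"error": "invalid_grant"}
        return _issue(username, now)
    # Any other grant type (authorization_code, client_credentials, ...) is refused.
    return 400, {"error": "unsupported_grant_type"}
```

Supporting a further grant type later means adding a branch before the final return; until then every other grant_type value is rejected explicitly.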

Authorization

TBD

JIRAs

  • TBD

Open Issues

  • TBD