The bottom line is that a third-party authentication provider will tell OpenMRS “this user is authenticated and has those roles”. We consider that the third-party authentication provider will just refer to existing roles. So somehow it needs to know of them in some form, role UUIDs or role names.
When OpenMRS is being told about a successful authentication, two situations are possible:
- The user already exists, in which case it will be fetched and marked as authenticated.
- The user doesn’t exist yet.
In the latter case OpenMRS will have to create the user and assign the roles indicated by the third-party authentication provider. In the end we need to be able to do the following:
- Fetch a user by username.
- Fetch a role by UUID (and/or by name, ideally).
- Create a new user.
Fetching can perhaps just be done by expanding on ContextDAO (the same way getUserByUuid(String) is already part of it).
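The two cases above as a self-contained Java sketch; this is an added example, not OpenMRS code, and the class, the in-memory maps and every method name in it are hypothetical stand-ins for the real user and role stores. It assumes a role reference that matches no existing role aborts user creation, and that an existing user's roles are left untouched.

```java
import java.util.*;

// Added sketch: in-memory stand-ins for the user and role stores (hypothetical names).
public class ProvisioningSketch {
    record Role(String uuid, String name) {}
    record User(String username, Set<Role> roles) {}

    private final Map<String, User> usersByUsername = new HashMap<>();
    private final Map<String, Role> rolesByUuid = new HashMap<>();
    private final Map<String, Role> rolesByName = new HashMap<>();

    void addRole(Role r) { rolesByUuid.put(r.uuid(), r); rolesByName.put(r.name(), r); }

    // Resolve a provider-supplied reference by UUID first, then by name.
    Optional<Role> findRole(String ref) {
        Role r = rolesByUuid.get(ref);
        return Optional.ofNullable(r != null ? r : rolesByName.get(ref));
    }

    // Called once the provider has vouched for the user.
    User onAuthenticated(String username, List<String> roleRefs) {
        User existing = usersByUsername.get(username);
        if (existing != null) {
            return existing; // case 1: fetch the user and treat it as authenticated
        }
        // Case 2: resolve every role before creating anything, so an unknown
        // reference (assumption: treated as an error) leaves no half-made user.
        Set<Role> roles = new LinkedHashSet<>();
        for (String ref : roleRefs) {
            roles.add(findRole(ref).orElseThrow(
                () -> new IllegalArgumentException("Unknown role: " + ref)));
        }
        User created = new User(username, Set.copyOf(roles));
        usersByUsername.put(username, created);
        return created;
    }

    public static void main(String[] args) {
        ProvisioningSketch s = new ProvisioningSketch();
        s.addRole(new Role("constructed-uuid-1", "Clinician")); // constructed sample data
        System.out.println(s.onAuthenticated("jdoe", List.of("Clinician")));
        System.out.println(s.onAuthenticated("jdoe", List.of())); // existing user returned
        try {
            s.onAuthenticated("asmith", List.of("No Such Role"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```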
What about creating a new user, this will obviously leave an audit trail, should this be left to the