@MyIgel MyIgel commented Nov 15, 2020

  • Added initial OAuth support (see also #215 (oauth support) for ToDo features)
    • Allows optionally marking as arrived
  • Added Pronoun field at registration
  • Fixed whitespace and line endings in font license file to make the linter happy
  • Reordered some forms on registration page to not confuse Firefox

@MyIgel MyIgel added Priority: High This is urgent and important. Type: Feature An idea for a new feature labels Nov 15, 2020
@MyIgel MyIgel added this to the rC3 milestone Nov 15, 2020
MyIgel commented Nov 15, 2020

A valid config for Keycloak would be:

```php
<?php

return [
    // "Login using [provider]"
    // '[name]' => [config]
    'oauth' => [
        'keycloak' => [
            // Auth client ID
            'client_id' => 'engelsystem',
            // Auth client secret
            'client_secret' => '[c&p from keycloak]',
            // Authentication URL
            'url_auth' => 'https://auth.mydomain.tld/realms/master/protocol/openid-connect/auth',
            // Token URL
            'url_token' => 'https://auth.mydomain.tld/realms/master/protocol/openid-connect/token',
            // User info URL
            'url_info' => 'https://auth.mydomain.tld/realms/master/protocol/openid-connect/userinfo',
            // Info unique id field
            'id' => 'sub',
            // Info username field (optional)
            'username' => 'preferred_username',
            // Info email field (optional)
            'email' => 'email',
            // Info first name field (optional)
            'first_name' => 'given_name',
            // Info last name field (optional)
            'last_name' => 'family_name',
            // User URL to provider, shown on provider settings page (optional)
            'url' => 'https://auth.mydomain.tld/realms/master/account/',
            // Only show after clicking the page title (optional)
            'hidden' => true,
            // Mark user as arrived when using this provider (optional)
            'mark_arrived' => true,
        ],
    ],
];
```

Which can be added in Keycloak:

Clients -> Create

  • Client ID: engelsystem
  • Client Protocol: openid-connect
  • Root URL: https://engelsystem.mydomain.tld
  • -> Save

In Settings:

  • Access Type: confidential
  • Base URL: / (so that the backend can show the user a link)
  • -> Save

In Credentials:

  • Copy the secret to use it in the engelsystem config

In mappers:

  • Add Builtin: given name and family name token mappers

In scope:

  • Disable Full Scope Allowed
  • Assigned Roles: Add offline_access
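As an added illustration (not engelsystem code, and not part of the PR), the snippet below shows how the field names from the config above resolve a Keycloak userinfo response into a local user record; the provider entry, the `mapUserInfo` function and the sample response are constructed for this example, and the only hard requirement it enforces is the `id` claim, since that is the one stable identity key while every other field is optional.

```php
<?php
// Added example (not engelsystem code): resolve a user profile from an OAuth
// userinfo response using the field names configured per provider.
declare(strict_types=1);

// Constructed config fragment mirroring the 'keycloak' entry from the PR comment
const OAUTH_CONFIG = [
    'keycloak' => [
        'client_id'    => 'engelsystem',
        'url_info'     => 'https://auth.mydomain.tld/realms/master/protocol/openid-connect/userinfo',
        'id'           => 'sub',
        'username'     => 'preferred_username',
        'email'        => 'email',
        'first_name'   => 'given_name',
        'last_name'    => 'family_name',
        'mark_arrived' => true,
    ],
];

/**
 * Map a decoded userinfo payload onto local user fields (hypothetical helper).
 * The configured 'id' claim is mandatory: without it no account can be linked,
 * so the function throws instead of returning a half-filled record. Optional
 * fields fall back to null when the provider did not send the mapped claim.
 */
function mapUserInfo(string $provider, array $info, array $config = OAUTH_CONFIG): array
{
    if (!isset($config[$provider])) {
        throw new InvalidArgumentException("Unknown OAuth provider: $provider");
    }
    $cfg = $config[$provider];
    $idField = $cfg['id'];
    if (!isset($info[$idField]) || $info[$idField] === '') {
        throw new RuntimeException("Provider '$provider' response lacks identity field '$idField'");
    }
    $user = ['provider' => $provider, 'provider_user_id' => (string) $info[$idField]];
    foreach (['username', 'email', 'first_name', 'last_name'] as $field) {
        $claim = $cfg[$field] ?? null;
        $user[$field] = ($claim !== null && isset($info[$claim])) ? (string) $info[$claim] : null;
    }
    $user['mark_arrived'] = (bool) ($cfg['mark_arrived'] ?? false);
    return $user;
}

// Constructed sample userinfo response, as Keycloak returns it once the
// given name / family name mappers are enabled
$sample = [
    'sub'                => '00000000-0000-0000-0000-000000000001',
    'preferred_username' => 'angel',
    'email'              => 'angel@example.tld',
    'given_name'         => 'Anna',
    'family_name'        => 'Engel',
];
print_r(mapUserInfo('keycloak', $sample));
```

With the sample response the record carries `provider_user_id`, all four optional fields and `mark_arrived => true`; dropping the `sub` claim from the sample makes the call throw rather than log a user in with no identity.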

Small OAuth text changes

@msquare msquare left a comment


Nice, works out of the box!
Wishes/Suggestions:

  • Add "displayname" to OAuth config, to generate a better login button/config page
  • Add metrics for sso usage
  • Add key icon + sso displayname to userpage header, visible for privilege admin_user
