move oauth connector doc to dex website repo
move default key value configuration to the connector constructor function Signed-off-by: Rui Yang <ruiya@vmware.com>
parent
49cb30af26
commit
8ea121b45a
@ -71,7 +71,7 @@ Dex implements the following connectors:
|
|||||||
| [SAML 2.0](https://dexidp.io/docs/connectors/saml/) | no | yes | no | stable | WARNING: Unmaintained and likely vulnerable to auth bypasses ([#1884](https://github.com/dexidp/dex/discussions/1884)) |
|
| [SAML 2.0](https://dexidp.io/docs/connectors/saml/) | no | yes | no | stable | WARNING: Unmaintained and likely vulnerable to auth bypasses ([#1884](https://github.com/dexidp/dex/discussions/1884)) |
|
||||||
| [GitLab](https://dexidp.io/docs/connectors/gitlab/) | yes | yes | yes | beta | |
|
| [GitLab](https://dexidp.io/docs/connectors/gitlab/) | yes | yes | yes | beta | |
|
||||||
| [OpenID Connect](https://dexidp.io/docs/connectors/oidc/) | yes | yes | yes | beta | Includes Salesforce, Azure, etc. |
|
| [OpenID Connect](https://dexidp.io/docs/connectors/oidc/) | yes | yes | yes | beta | Includes Salesforce, Azure, etc. |
|
||||||
| [Generic OAuth 2.0](https://dexidp.io/docs/connectors/oauth.md) | no | yes | yes | beta | |
|
| [OAuth 2.0](https://dexidp.io/docs/connectors/oauth/) | no | yes | yes | alpha | |
|
||||||
| [Google](https://dexidp.io/docs/connectors/google/) | yes | yes | yes | alpha | |
|
| [Google](https://dexidp.io/docs/connectors/google/) | yes | yes | yes | alpha | |
|
||||||
| [LinkedIn](https://dexidp.io/docs/connectors/linkedin/) | yes | no | no | beta | |
|
| [LinkedIn](https://dexidp.io/docs/connectors/linkedin/) | yes | no | no | beta | |
|
||||||
| [Microsoft](https://dexidp.io/docs/connectors/microsoft/) | yes | yes | no | beta | |
|
| [Microsoft](https://dexidp.io/docs/connectors/microsoft/) | yes | yes | no | beta | |
|
||||||
@ -81,7 +81,7 @@ Dex implements the following connectors:
|
|||||||
| [Atlassian Crowd](https://dexidp.io/docs/connectors/atlassiancrowd/) | yes | yes | yes * | beta | preferred_username claim must be configured through config |
|
| [Atlassian Crowd](https://dexidp.io/docs/connectors/atlassiancrowd/) | yes | yes | yes * | beta | preferred_username claim must be configured through config |
|
||||||
| [Gitea](https://dexidp.io/docs/connectors/gitea/) | yes | no | yes | alpha | |
|
| [Gitea](https://dexidp.io/docs/connectors/gitea/) | yes | no | yes | alpha | |
|
||||||
| [OpenStack Keystone](https://dexidp.io/docs/connectors/keystone/) | yes | yes | no | alpha | |
|
| [OpenStack Keystone](https://dexidp.io/docs/connectors/keystone/) | yes | yes | no | alpha | |
|
||||||
| [Generic OAuth 2.0](https://dexidp.io/docs/connectors/oauth/) | no | yes | yes | alpha |
|
| [Generic OAuth 2.0](https://dexidp.io/docs/connectors/oauth/) | no | yes | yes | alpha | |
|
||||||
|
|
||||||
Stable, beta, and alpha are defined as:
|
Stable, beta, and alpha are defined as:
|
||||||
|
|
||||||
|
@ -65,6 +65,30 @@ type Config struct {
|
|||||||
func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
|
func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
|
||||||
var err error
|
var err error
|
||||||
|
|
||||||
|
if c.UserIDKey == "" {
|
||||||
|
c.UserIDKey = "id"
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.ClaimMapping.UserNameKey == "" {
|
||||||
|
c.ClaimMapping.UserNameKey = "user_name"
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.ClaimMapping.PreferredUsernameKey == "" {
|
||||||
|
c.ClaimMapping.PreferredUsernameKey = "preferred_username"
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.ClaimMapping.GroupsKey == "" {
|
||||||
|
c.ClaimMapping.GroupsKey = "groups"
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.ClaimMapping.EmailKey == "" {
|
||||||
|
c.ClaimMapping.EmailKey = "email"
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.ClaimMapping.EmailVerifiedKey == "" {
|
||||||
|
c.ClaimMapping.EmailVerifiedKey = "email_verified"
|
||||||
|
}
|
||||||
|
|
||||||
oauthConn := &oauthConnector{
|
oauthConn := &oauthConnector{
|
||||||
clientID: c.ClientID,
|
clientID: c.ClientID,
|
||||||
clientSecret: c.ClientSecret,
|
clientSecret: c.ClientSecret,
|
||||||
@ -181,36 +205,12 @@ func (c *oauthConnector) HandleCallback(s connector.Scopes, r *http.Request) (id
|
|||||||
return identity, fmt.Errorf("OAuth Connector: failed to parse userinfo: %v", err)
|
return identity, fmt.Errorf("OAuth Connector: failed to parse userinfo: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if c.userIDKey == "" {
|
|
||||||
c.userIDKey = "id"
|
|
||||||
}
|
|
||||||
|
|
||||||
userID, found := userInfoResult[c.userIDKey].(string)
|
userID, found := userInfoResult[c.userIDKey].(string)
|
||||||
if !found {
|
if !found {
|
||||||
return identity, fmt.Errorf("OAuth Connector: not found %v claim", c.userIDKey)
|
return identity, fmt.Errorf("OAuth Connector: not found %v claim", c.userIDKey)
|
||||||
}
|
}
|
||||||
|
|
||||||
identity.UserID = userID
|
identity.UserID = userID
|
||||||
if c.userNameKey == "" {
|
|
||||||
c.userNameKey = "user_name"
|
|
||||||
}
|
|
||||||
|
|
||||||
if c.preferredUsernameKey == "" {
|
|
||||||
c.preferredUsernameKey = "preferred_username"
|
|
||||||
}
|
|
||||||
|
|
||||||
if c.groupsKey == "" {
|
|
||||||
c.groupsKey = "groups"
|
|
||||||
}
|
|
||||||
|
|
||||||
if c.emailKey == "" {
|
|
||||||
c.emailKey = "email"
|
|
||||||
}
|
|
||||||
|
|
||||||
if c.emailVerifiedKey == "" {
|
|
||||||
c.emailVerifiedKey = "email_verified"
|
|
||||||
}
|
|
||||||
|
|
||||||
identity.Username, _ = userInfoResult[c.userNameKey].(string)
|
identity.Username, _ = userInfoResult[c.userNameKey].(string)
|
||||||
identity.PreferredUsername, _ = userInfoResult[c.preferredUsernameKey].(string)
|
identity.PreferredUsername, _ = userInfoResult[c.preferredUsernameKey].(string)
|
||||||
identity.Email, _ = userInfoResult[c.emailKey].(string)
|
identity.Email, _ = userInfoResult[c.emailKey].(string)
|
||||||
|
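Review bot: The six added if-blocks in Config.Open all repeat the same set-if-empty pattern; a small helper keeps the defaults in one list and makes a missing default for a future claim key harder to overlook. Open's body continues past the hunk, and because the defaults are written through the pointer receiver the caller's Config is modified in place, which is worth stating in a doc comment such as `// Open builds the connector; unset claim keys on c are replaced by their defaults (id, user_name, preferred_username, groups, email, email_verified) before use.` The second hunk of this file drops the per-request fallback in HandleCallback, so any code path that builds oauthConnector without going through Open (tests, if any exist) would now look up an empty key and fail the userID claim check; the rewrite below keeps that single list of defaults explicit.
```go
// defaultKey replaces an empty claim key with def.
func defaultKey(key *string, def string) {
	if *key == "" {
		*key = def
	}
}

// Open builds the connector; unset claim keys on c are replaced by their
// defaults before use, so HandleCallback never looks up an empty key.
func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
	var err error

	defaultKey(&c.UserIDKey, "id")
	defaultKey(&c.ClaimMapping.UserNameKey, "user_name")
	defaultKey(&c.ClaimMapping.PreferredUsernameKey, "preferred_username")
	defaultKey(&c.ClaimMapping.GroupsKey, "groups")
	defaultKey(&c.ClaimMapping.EmailKey, "email")
	defaultKey(&c.ClaimMapping.EmailVerifiedKey, "email_verified")

	// … unchanged: oauthConnector construction …
```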
@ -1,64 +0,0 @@
|
|||||||
# Authentication using Generic OAuth 2.0 provider
|
|
||||||
|
|
||||||
## Overview
|
|
||||||
|
|
||||||
Dex users can make use of this connector to work with standards-compliant [OAuth 2.0](https://oauth.net/2/) authorization provider, in case of that authorization provider is not in the Dex connectors list.
|
|
||||||
|
|
||||||
## Configuration
|
|
||||||
|
|
||||||
The following is an example of a configuration for using OAuth connector with Reddit.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
connectors:
|
|
||||||
- type: oauth
|
|
||||||
# ID of OAuth 2.0 provider
|
|
||||||
id: reddit
|
|
||||||
# Name of OAuth 2.0 provider
|
|
||||||
name: reddit
|
|
||||||
config:
|
|
||||||
# Connector config values starting with a "$" will read from the environment.
|
|
||||||
clientID: $REDDIT_CLIENT_ID
|
|
||||||
clientSecret: $REDDIT_CLIENT_SECRET
|
|
||||||
redirectURI: http://127.0.0.1:5556/callback
|
|
||||||
|
|
||||||
tokenURL: https://www.reddit.com/api/v1/access_token
|
|
||||||
authorizationURL: https://www.reddit.com/api/v1/authorize
|
|
||||||
userInfoURL: https: https://www.reddit.com/api/v1/me
|
|
||||||
|
|
||||||
# Optional: Specify whether to communicate to Auth provider without validating SSL certificates
|
|
||||||
# insecureSkipVerify: false
|
|
||||||
|
|
||||||
# Optional: The location of file containing SSL certificates to commmunicate to Auth provider
|
|
||||||
# rootCAs: /etc/ssl/reddit.pem
|
|
||||||
|
|
||||||
# Optional: List of scopes to request Auth provider for access user account
|
|
||||||
# scopes:
|
|
||||||
# - identity
|
|
||||||
|
|
||||||
# Optional: Configurable keys for user ID look up
|
|
||||||
# Default: id
|
|
||||||
# userIDKey:
|
|
||||||
|
|
||||||
# Auth roviders return non-standard user identity profile
|
|
||||||
# Use claimMapping to map those user infomations to standard claims:
|
|
||||||
claimMapping:
|
|
||||||
# Optional: Configurable keys for user name look up
|
|
||||||
# Default: user_name
|
|
||||||
# userNameKey:
|
|
||||||
|
|
||||||
# Optional: Configurable keys for preferred username look up
|
|
||||||
# Default: preferred_username
|
|
||||||
# preferredUsernameKey:
|
|
||||||
|
|
||||||
# Optional: Configurable keys for user groups look up
|
|
||||||
# Default: groups
|
|
||||||
# groupsKey:
|
|
||||||
|
|
||||||
# Optional: Configurable keys for email look up
|
|
||||||
# Default: email
|
|
||||||
# emailKey:
|
|
||||||
|
|
||||||
# Optional: Configurable keys for email verified look up
|
|
||||||
# Default: email_verified
|
|
||||||
# emailVerifiedKey:
|
|
||||||
```
|
|