OAuth Manager and OAuth2/OpenID connect Plugin #156

Draft
wants to merge 10 commits into
base: master

markus-96

Added the possibility to define OAuth Providers as authentication backend.

/etc/kvmd/auth.yaml has to look like the following:

oauth:
  enabled: true
  providers:
    github:
      type: oauth2
      client_id: myclient
      client_secret: mysecret123
      access_token_url: https://github.com/#/oauth/access_token
      authorize_url: https://github.com/#/oauth/authorize
      base_url: https://github.com/
      user_info_url: https://api.github.com/user
      long_name: GitHub
      scope: openid user
      username_attribute: email
    keycloak:
      type: oauth2
      client_id: client2
      client_secret: str
      access_token_url: https://sso.keycloak.my.tld/realms/master/protocol/openid-connect/token
      authorize_url: https://sso.keycloak.my.tld/realms/master/protocol/openid-connect/auth
      base_url: https://sso.keycloak.my.tld/
      user: https://sso.keycloak.my.tld/realms/master/protocol/openid-connect/
      long_name: My Keycloak
      scope: openid profile
      username_attribute: sub

It will define two Providers. Both are identified by the key for their config dict, so we have two: keycloak and github. The first one, GitHub, is accessible at https://<PiKVM>/api/auth/oauth/#/github, the second one, Keycloak, at https://<PiKVM>/api/auth/oauth/#/keycloak. The callback URLs are https://<PiKVM>/api/auth/oauth/callback/<provider-key>.

The oauth2 plugin implements the authorization code flow.
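
A lint pass over the parsed `oauth` section described above, as an added example (not code from this PR or from kvmd). It assumes the key set of the `github` entry is the required one, so an entry that uses `user` in place of `user_info_url` is reported; the key-name pattern and the https requirement are also assumptions, and the sample hosts and secrets are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Assumption: the keys of the page's "github" entry are what every provider needs.
REQUIRED = {"type", "client_id", "client_secret", "access_token_url",
            "authorize_url", "base_url", "user_info_url", "long_name",
            "scope", "username_attribute"}
URL_KEYS = ("access_token_url", "authorize_url", "base_url", "user_info_url")
# Assumption: the provider key ends up in the callback path, so keep it path-safe.
KEY_RE = re.compile(r"[a-z0-9_-]+")


def callback_url(pikvm_host, provider_key):
    """Redirect URI to register at the provider, in the form the description gives."""
    return f"https://{pikvm_host}/api/auth/oauth/callback/{provider_key}"


def lint_oauth(config):
    """Return a list of 'provider: problem' strings for the oauth section."""
    oauth = config.get("oauth", {})
    if not oauth.get("enabled"):
        return ["oauth: not enabled"]
    problems = []
    for key, prov in oauth.get("providers", {}).items():
        if not KEY_RE.fullmatch(key):
            problems.append(f"{key}: key is not URL-path safe")
        problems += [f"{key}: missing {k}" for k in sorted(REQUIRED - set(prov))]
        problems += [f"{key}: unknown key {k}" for k in sorted(set(prov) - REQUIRED)]
        if prov.get("type") != "oauth2":
            problems.append(f"{key}: unsupported type {prov.get('type')!r}")
        for name in URL_KEYS:
            # The client secret and authorization code travel over these URLs.
            url = prov.get(name)
            if url is not None and urlsplit(url).scheme != "https":
                problems.append(f"{key}: {name} is not https")
    return problems


# Constructed sample: "idp-a" is complete, "idp-b" has a plain-http endpoint
# and uses "user" where the other entry has "user_info_url".
GOOD = {"type": "oauth2", "client_id": "a", "client_secret": "PLACEHOLDER",
        "access_token_url": "https://idp-a.example/token",
        "authorize_url": "https://idp-a.example/auth",
        "base_url": "https://idp-a.example/",
        "user_info_url": "https://idp-a.example/userinfo",
        "long_name": "IdP A", "scope": "openid", "username_attribute": "sub"}
BAD = dict(GOOD, authorize_url="http://idp-b.example/auth")
BAD["user"] = BAD.pop("user_info_url")
SAMPLE = {"oauth": {"enabled": True, "providers": {"idp-a": GOOD, "idp-b": BAD}}}
```
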

Markus Beckschulte and others added 6 commits January 23, 2024 13:37
still having three errors with mypy:
kvmd\plugins\auth\oauth2.py:142: error: Function is missing a return type annotation  [no-untyped-def]
kvmd\apps\kvmd\oauth.py:102: error: Function is missing a return type annotation  [no-untyped-def]
kvmd\apps\kvmd\oauth.py:117: error: Function is missing a return type annotation  [no-untyped-def]
@mdevaev
Member

mdevaev commented Feb 7, 2024

JFYI, I haven't forgotten about it, just very busy with other tasks.

@markus-96
Author

> JFYI, I haven't forgotten about it, just very busy with other tasks.

If you were notified by my merges of upstream, sorry for that. I had to do the merges because otherwise I was not able to get it running on actual hardware. Take your time, I was only in a hurry when writing the code and getting it on the Pi.

2 participants