docs: quick setup steps for github auth (cesanta#234)

dliappis · Jun 1, 2018 · e10780b · e10780b
1 parent 3420ca1
commit e10780b
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -13,6 +13,7 @@ This server fills the gap and implements the protocol described [here](https://g
 Supported authentication methods:
  * Static list of users
  * Google Sign-In (incl. Google for Work / GApps for domain) (documented [here](https://github.com/cesanta/docker_auth/blob/master/examples/reference.yml))
+ * [Github Sign-In](docs/auth-methods.md#github)
  * LDAP bind ([demo](https://github.com/kwk/docker-registry-setup))
  * MongoDB user collection
  * [External program](https://github.com/cesanta/docker_auth/blob/master/examples/ext_auth.sh)

diff --git a/docs/auth-methods.md b/docs/auth-methods.md
@@ -0,0 +1,26 @@
+## Github
+
+First you need to setup a [Github OAuth Application](https://github.com/settings/applications).
+
+- The callback url needs to be `$fqdn:5001/github_auth`
+   - `$fqdn` is the domain where docker_auth is accessed
+   - `5001` or what port is specified in the `server` block
+
+Once you have setup a Github OAuth application you need to add a `github` block to the docker_auth config file:
+
+```yaml
+github_auth:
+  organization: "my-org-name"
+  client_id: "..."
+  client_secret: "..." # or client_secret_file
+  token_db: /data/tokens.db
+```
+
+Then specify what teams can do via acls
+
+```yaml
+acl:
+  - match: {team: "infrastructure"}
+    actions: ["pull", "push"]
+    comment: "Infrastructure team members can push and all images"
+```