From 4f2c3e4783524e4cbbbee8fa44757ce8bd96c9bc Mon Sep 17 00:00:00 2001
From: David Berg
Date: Mon, 31 Jan 2022 15:27:40 -0500
Subject: [PATCH 1/4] updated brackets in OAuth Authentication

---
 docs/security.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/security.rst b/docs/security.rst
index 54cae1bb0..b7d3a22be 100644
--- a/docs/security.rst
+++ b/docs/security.rst
@@ -224,7 +224,7 @@ Specify a list of OAUTH_PROVIDERS in **config.py** that you want to allow for yo
 'scope': 'openid email aws.cognito.signin.user.admin'
 },
 'access_token_url': 'https://COGNITO_APP.auth.REGION.amazoncognito.com/token',
- 'authorize_url': 'https://COGNITO_APP.auth.REGION.amazoncognito.com/authorize',
+ 'authorize_url': 'https://COGNITO_APP.auth.REGION.amazoncognito.com/authorize'}
 }
 ]

From e50ec79f706d927ebd220c6a6e124cf3abde78ac Mon Sep 17 00:00:00 2001
From: David Berg <55707664+davidnateberg@users.noreply.github.com>
Date: Mon, 14 Feb 2022 14:04:31 -0500
Subject: [PATCH 2/4] aligned bracket with 'remote_app' pretty sure thats aligned correctly but sorry if it still isn't hah

---
 docs/security.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/security.rst b/docs/security.rst
index b7d3a22be..068b0ae1d 100644
--- a/docs/security.rst
+++ b/docs/security.rst
@@ -225,7 +225,7 @@ Specify a list of OAUTH_PROVIDERS in **config.py** that you want to allow for yo
 },
 'access_token_url': 'https://COGNITO_APP.auth.REGION.amazoncognito.com/token',
 'authorize_url': 'https://COGNITO_APP.auth.REGION.amazoncognito.com/authorize'}
- }
+ }
 ]

 This needs a small explanation, you basically have five special keys:

From 7359f2137a3b7fbf21ba7a779f9bd34789bd3fe3 Mon Sep 17 00:00:00 2001
From: David Berg
Date: Mon, 21 Feb 2022 10:25:33 -0500
Subject: [PATCH 3/4] Properly aligned brackets, for real this time.

---
 docs/security.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/security.rst b/docs/security.rst
index 068b0ae1d..55cf23c78 100644
--- a/docs/security.rst
+++ b/docs/security.rst
@@ -224,8 +224,9 @@ Specify a list of OAUTH_PROVIDERS in **config.py** that you want to allow for yo
 'scope': 'openid email aws.cognito.signin.user.admin'
 },
 'access_token_url': 'https://COGNITO_APP.auth.REGION.amazoncognito.com/token',
- 'authorize_url': 'https://COGNITO_APP.auth.REGION.amazoncognito.com/authorize'}
+ 'authorize_url': 'https://COGNITO_APP.auth.REGION.amazoncognito.com/authorize'
 }
+ }
 ]

 This needs a small explanation, you basically have five special keys:

From bed09229ee4544c3b993a76996ae74d9406d12f5 Mon Sep 17 00:00:00 2001
From: David Berg
Date: Thu, 24 Feb 2022 10:32:27 -0500
Subject: [PATCH 4/4] updated security.rst OAUTH_PROVIDERS brackets again

---
 docs/security.rst | 122 ++++++++++++++++++++++++----------------------
 1 file changed, 64 insertions(+), 58 deletions(-)

diff --git a/docs/security.rst b/docs/security.rst
index 55cf23c78..acac36291 100644
--- a/docs/security.rst
+++ b/docs/security.rst
@@ -165,68 +165,74 @@ Specify a list of OAUTH_PROVIDERS in **config.py** that you want to allow for yo
 # the list of providers which the user can choose from
 OAUTH_PROVIDERS = [
- {'name':'twitter', 'icon':'fa-twitter',
- 'token_key':'oauth_token',
- 'remote_app': {
- 'client_id':'TWITTER_KEY',
- 'client_secret':'TWITTER_SECRET',
- 'api_base_url':'https://api.twitter.com/1.1/',
- 'request_token_url':'https://api.twitter.com/oauth/request_token',
- 'access_token_url':'https://api.twitter.com/oauth/access_token',
- 'authorize_url':'https://api.twitter.com/oauth/authenticate'}
+ {
+ "name": "twitter",
+ "icon": "fa-twitter",
+ "token_key": "oauth_token",
+ "remote_app": {
+ "client_id": "TWITTER_KEY",
+ "client_secret": "TWITTER_SECRET",
+ "api_base_url": "https://api.twitter.com/1.1/",
+ "request_token_url": "https://api.twitter.com/oauth/request_token",
+ "access_token_url": "https://api.twitter.com/oauth/access_token",
+ "authorize_url": "https://api.twitter.com/oauth/authenticate",
+ },
 },
- {'name':'google', 'icon':'fa-google',
- 'token_key':'access_token',
- 'remote_app': {
- 'client_id':'GOOGLE_KEY',
- 'client_secret':'GOOGLE_SECRET',
- 'api_base_url':'https://www.googleapis.com/oauth2/v2/',
- 'client_kwargs':{
- 'scope': 'email profile'
- },
- 'request_token_url':None,
- 'access_token_url':'https://accounts.google.com/o/oauth2/token',
- 'authorize_url':'https://accounts.google.com/o/oauth2/auth'}
+ {
+ "name": "google",
+ "icon": "fa-google",
+ "token_key": "access_token",
+ "remote_app": {
+ "client_id": "GOOGLE_KEY",
+ "client_secret": "GOOGLE_SECRET",
+ "api_base_url": "https://www.googleapis.com/oauth2/v2/",
+ "client_kwargs": {"scope": "email profile"},
+ "request_token_url": None,
+ "access_token_url": "https://accounts.google.com/o/oauth2/token",
+ "authorize_url": "https://accounts.google.com/o/oauth2/auth",
+ },
 },
- {'name':'openshift', 'icon':'fa-circle-o',
- 'token_key':'access_token',
- 'remote_app': {
- 'client_id':'system:serviceaccount:mynamespace:mysa',
- 'client_secret':'',
- 'api_base_url':'https://openshift.default.svc.cluster.local:443',
- 'client_kwargs':{
- 'scope': 'user:info'
- },
- 'redirect_uri':'https://myapp-mynamespace.apps.',
- 'access_token_url':'https://oauth-openshift.apps./oauth/token',
- 'authorize_url':'https://oauth-openshift.apps./oauth/authorize',
- 'token_endpoint_auth_method':'client_secret_post'}
+ {
+ "name": "openshift",
+ "icon": "fa-circle-o",
+ "token_key": "access_token",
+ "remote_app": {
+ "client_id": "system:serviceaccount:mynamespace:mysa",
+ "client_secret": "",
+ "api_base_url": "https://openshift.default.svc.cluster.local:443",
+ "client_kwargs": {"scope": "user:info"},
+ "redirect_uri": "https://myapp-mynamespace.apps.",
+ "access_token_url": "https://oauth-openshift.apps./oauth/token",
+ "authorize_url": "https://oauth-openshift.apps./oauth/authorize",
+ "token_endpoint_auth_method": "client_secret_post",
+ },
 },
- {'name': 'okta', 'icon': 'fa-circle-o',
- 'token_key': 'access_token',
- 'remote_app': {
- 'client_id': 'OKTA_KEY',
- 'client_secret': 'OKTA_SECRET',
- 'api_base_url': 'https://OKTA_DOMAIN.okta.com/oauth2/v1/',
- 'client_kwargs': {
- 'scope': 'openid profile email groups'
- },
- 'access_token_url': 'https://OKTA_DOMAIN.okta.com/oauth2/v1/token',
- 'authorize_url': 'https://OKTA_DOMAIN.okta.com/oauth2/v1/authorize',
+ {
+ "name": "okta",
+ "icon": "fa-circle-o",
+ "token_key": "access_token",
+ "remote_app": {
+ "client_id": "OKTA_KEY",
+ "client_secret": "OKTA_SECRET",
+ "api_base_url": "https://OKTA_DOMAIN.okta.com/oauth2/v1/",
+ "client_kwargs": {"scope": "openid profile email groups"},
+ "access_token_url": "https://OKTA_DOMAIN.okta.com/oauth2/v1/token",
+ "authorize_url": "https://OKTA_DOMAIN.okta.com/oauth2/v1/authorize",
+ },
+ },
+ {
+ "name": "aws_cognito",
+ "icon": "fa-amazon",
+ "token_key": "access_token",
+ "remote_app": {
+ "client_id": "COGNITO_CLIENT_ID",
+ "client_secret": "COGNITO_CLIENT_SECRET",
+ "api_base_url": "https://COGNITO_APP.auth.REGION.amazoncognito.com/",
+ "client_kwargs": {"scope": "openid email aws.cognito.signin.user.admin"},
+ "access_token_url": "https://COGNITO_APP.auth.REGION.amazoncognito.com/token",
+ "authorize_url": "https://COGNITO_APP.auth.REGION.amazoncognito.com/authorize",
+ },
 },
- {'name': 'aws_cognito', 'icon': 'fa-amazon',
- 'token_key': 'access_token',
- 'remote_app': {
- 'client_id': 'COGNITO_CLIENT_ID',
- 'client_secret': 'COGNITO_CLIENT_SECRET',
- 'api_base_url': 'https://COGNITO_APP.auth.REGION.amazoncognito.com/',
- 'client_kwargs': {
- 'scope': 'openid email aws.cognito.signin.user.admin'
- },
- 'access_token_url': 'https://COGNITO_APP.auth.REGION.amazoncognito.com/token',
- 'authorize_url': 'https://COGNITO_APP.auth.REGION.amazoncognito.com/authorize'
- }
- }
 ]

 This needs a small explanation, you basically have five special keys: