OAuth Manager and OAuth2/OpenID connect Plugin #156

Draft
wants to merge 10 commits into
base: master

markus-96

Added the possibility to define OAuth Providers as authentication backend.

/etc/kvmd/auth.yaml has to look like the following:

```yaml
oauth:
  enabled: true
  providers:
    github:
      type: oauth2
      client_id: myclient
      client_secret: mysecret123
      access_token_url: https://github.com/login/oauth/access_token
      authorize_url: https://github.com/login/oauth/authorize
      base_url: https://github.com/
      user_info_url: https://api.github.com/user
      long_name: GitHub
      scope: openid user
      username_attribute: email
    keycloak:
      type: oauth2
      client_id: client2
      client_secret: str
      access_token_url: https://sso.keycloak.my.tld/realms/master/protocol/openid-connect/token
      authorize_url: https://sso.keycloak.my.tld/realms/master/protocol/openid-connect/auth
      base_url: https://sso.keycloak.my.tld/
      user: https://sso.keycloak.my.tld/realms/master/protocol/openid-connect/
      long_name: My Keycloak
      scope: openid profile
      username_attribute: sub
```

It will define two providers. Both are identified by the key for their config dict, so we have two: `keycloak` and `github`. The first one, GitHub, is accessible with https://<PiKVM>/api/auth/oauth/login/github, the second one, Keycloak, with https://<PiKVM>/api/auth/oauth/login/keycloak. The callback URLs are https://<PiKVM>/api/auth/oauth/callback/<provider-key>.

The oauth2 plugin implements the authorization code flow.
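
The two browser-facing steps of the authorization code flow named in the description, built from its config keys and callback URL pattern. This is an added example, not code from this pull request; the function names, the `session` dict and the host `pikvm.example` are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Constructed sample mirroring the keys of the auth.yaml in the description.
PROVIDERS = {
    "github": {
        "client_id": "myclient",
        "authorize_url": "https://github.com/login/oauth/authorize",
        "scope": "openid user",
    },
}

def callback_url(host: str, key: str) -> str:
    # Pattern from the description: /api/auth/oauth/callback/<provider-key>
    return f"https://{host}/api/auth/oauth/callback/{key}"

def build_authorize_redirect(host: str, key: str, session: dict) -> str:
    """Step 1: URL the login endpoint redirects the browser to."""
    cfg = PROVIDERS[key]  # unknown provider key raises KeyError
    state = secrets.token_urlsafe(32)  # unpredictable anti-CSRF value
    session["oauth_state"] = (key, state)  # bound to provider and session
    query = urlencode({
        "response_type": "code",
        "client_id": cfg["client_id"],
        "redirect_uri": callback_url(host, key),
        "scope": cfg["scope"],
        "state": state,
    })
    return f"{cfg['authorize_url']}?{query}"

def check_callback(key: str, params: dict, session: dict) -> str:
    """Step 2: validate the callback before the code is exchanged for a token."""
    expected = session.pop("oauth_state", None)  # single use, even on failure
    if expected is None or expected[0] != key:
        raise PermissionError("no pending login for this provider")
    got = params.get("state", "")
    if not hmac.compare_digest(expected[1].encode(), got.encode()):
        raise PermissionError("state mismatch")
    if "error" in params or not params.get("code"):
        raise PermissionError("provider returned no authorization code")
    return params["code"]
```

The token exchange against `access_token_url` with `client_secret` happens server-side after `check_callback` succeeds and is left out here.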

Markus Beckschulte and others added 6 commits January 23, 2024 13:37
still having three errors with mypy:
kvmd\plugins\auth\oauth2.py:142: error: Function is missing a return type annotation  [no-untyped-def]
kvmd\apps\kvmd\oauth.py:102: error: Function is missing a return type annotation  [no-untyped-def]
kvmd\apps\kvmd\oauth.py:117: error: Function is missing a return type annotation  [no-untyped-def]
@mdevaev
Member

mdevaev commented Feb 7, 2024

Jfyi I don't forget about it, just very busy with other tasks.

@markus-96
Author

> Jfyi I don't forget about it, just very busy with other tasks.

If you were notified by my merges of upstream, sry for that. Had to do the merges because otherwise I was not able to get it running on actual hardware. Take your time, I only was in a hurry when writing the code and getting it on the pi.
