support oauth and oidc authentication (h44z#1)
gandalfmagic committed Jan 5, 2022
1 parent 5d4d06d commit dc6038b
Showing 25 changed files with 1,775 additions and 31 deletions.
56 changes: 56 additions & 0 deletions README.md
Expand Up @@ -156,6 +156,19 @@ The following configuration options are available:
| LDAP_ATTR_LASTNAME | attrLastname | ldap | sn | User lastname attribute. |
| LDAP_ATTR_PHONE | attrPhone | ldap | telephoneNumber | User phone number attribute. |
| LDAP_ATTR_GROUPS | attrGroups | ldap | memberOf | User groups attribute. |
| OAUTH_REDIRECT_URL | redirectURL | oauth | /callback | Redirect URL for all the OAuth2 and OpenID login services. |
| OAUTH_GITHUB_CLIENT_ID | github.clientID | oauth | clientid | ClientID for OAuth2 authentication with GitHub. |
| OAUTH_GITHUB_CLIENT_SECRET | github.clientSecret | oauth | supersecret | ClientSecret for OAuth2 authentication with GitHub. |
| OAUTH_GITHUB_CREATE_USERS | github.createUsers | oauth | false | A user logged in with Google OAuth2 should be created automatically when it doesn't exist before. |
| OAUTH_GITHUB_ENABLED | github.enabled | oauth | false | Enable GitHub OAuth2 authentication. |
| OAUTH_GOOGLE_CLIENT_ID | google.clientID | oauth | clientid | ClientID for OAuth2 authentication with Google. |
| OAUTH_GOOGLE_CLIENT_SECRET | google.clientSecret | oauth | supersecret | ClientSecret for OAuth2 authentication with Google. |
| OAUTH_GOOGLE_CREATE_USERS | google.createUsers | oauth | false | A user logged in with Google OAuth2 should be created automatically when it doesn't exist before. |
| OAUTH_GOOGLE_ENABLED | google.enabled | oauth | false | Enable Google OAuth2 authentication. |
| OAUTH_GITLAB_CLIENT_ID | gitlab.clientID | oauth | clientid | ClientID for OAuth2 authentication with Gitlab. |
| OAUTH_GITLAB_CLIENT_SECRET | gitlab.clientSecret | oauth | supersecret | ClientSecret for OAuth2 authentication with Gitlab. |
| OAUTH_GITLAB_CREATE_USERS | gitlab.createUsers | oauth | false | A user logged in with Gitlab OAuth2 should be created automatically when it doesn't exist before. |
| OAUTH_GITLAB_ENABLED | gitlab.enabled | oauth | false | Enable Gitlab OAuth2 authentication. |
| LOG_LEVEL | | | debug | Specify log level, one of: trace, debug, info, off. |
| LOG_JSON | | | false | Format log output as JSON. |
| LOG_COLOR | | | true | Colorize log output. |
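Review bot: The OAUTH_GITHUB_CREATE_USERS row describes the wrong provider: its description reads "A user logged in with Google OAuth2 should be created automatically ...", which was copied from the Google row and should say GitHub. In all three CREATE_USERS rows, "when it doesn't exist before" would read better as "if the user does not already exist", and "Gitlab" should be spelled "GitLab". The default column lists `clientid` and `supersecret` for the client credentials; the description should say these are placeholders that must be replaced before a provider is enabled.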
Expand Down Expand Up @@ -183,6 +196,40 @@ ldap:
database:
typ: sqlite
database: data/wg_portal.db
oauth:
redirectURL: /callback
github:
enabled: false
createUsers: false
clientID: clientid
clientSecret: supersecret
google:
enabled: false
createUsers: false
clientID: clientid
clientSecret: supersecret
gitlab:
enabled: false
createUsers: false
clientID: clientid
clientSecret: supersecret
oidc:
# example for Keycloak as OIDC provider
- discoveryURL: https://keycloakserver/auth/realms/realmname
createUsers: true
clientID: clientid
clientSecret: supersecret
button:
icon: keycloak
label: Sign In with Keycloak
# example for Google as OIDC provider
- discoveryURL: https://accounts.google.com
createUsers: false
clientID: clientid
clientSecret: supersecret
button:
icon: openid
label: Sign In with Google
email:
host: smtp.gmail.com
port: 587
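Review bot: The `oidc:` list in this example has no matching rows in the options table: `discoveryURL`, `createUsers`, `clientID`, `clientSecret`, `button.icon` and `button.label` appear only here, while the table hunk above adds `OAUTH_*` rows only. Please document these keys, including which `icon` values are accepted and whether OIDC providers can be configured through environment variables. The Keycloak entry also sets `createUsers: true` while every other provider in the example uses `false`; sample configs tend to be copied as they are, so either use `false` here too or add a comment stating which users get created automatically on first login.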
Expand All @@ -198,6 +245,15 @@ wg:
manageIPAddresses: true
```
### OAuth2 and OpenID Connect (OIDC) authentication
When you activate OAuth2 or an OpenID service, you must provide a valid `redirectURL` in the authentication server configuration.

The redirect URL is the same for all the login service you want to support (OAuth2 and OpenID): `${externalUrl}/oauth/callback`

You can customize the value changing the `/callback` part at the end.
To do so you must use the configuration parameter `oauth.redirectURL`, or the environment variable `OAUTH_REDIRECT_URL`.

### RESTful API
WireGuard Portal offers a RESTful API to interact with.
The API is documented using OpenAPI 2.0, the Swagger UI can be found
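Review bot: The first sentence of the new OAuth2/OIDC section is ambiguous about where the redirect URL has to be set: "provide a valid `redirectURL` in the authentication server configuration" reads like the portal's own `oauth.redirectURL` key, while the next paragraph implies it is the value registered with the provider. State explicitly that the full `${externalUrl}/oauth/callback` must be registered as the allowed redirect URI at each OAuth2 or OpenID provider, and that `oauth.redirectURL` / `OAUTH_REDIRECT_URL` only changes the trailing `/callback` segment. Also, "all the login service" should be "all the login services".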
1 change: 1 addition & 0 deletions assets/css/bootstrap-social.min.css

Large diffs are not rendered by default.

41 changes: 40 additions & 1 deletion assets/css/signin.css
Expand Up @@ -5,4 +5,43 @@
.navbar-brand > img {
height: 2rem;
width: auto;
}
}

.login-container {
-ms-flex-direction: column !important;
flex-direction: column !important
}

@media (min-width: 576px) {
.login-container {
-ms-flex-direction: row !important;
flex-direction: row !important
}
}

.btn-social.btn-sm>:first-child {
width: 32px;
line-height: 34px;
font-size: 1.6em;
}

.btn-openid {
background: #f2f2f2;
color: #000;
}
.btn-openid:hover {
background: #e7e7e7;
color: #000;
}

.logo-keycloak {
background: url('/img/keycloak-logo.svg') no-repeat 6px 8px;
background-size: 18px 18px;
color: #000;
}

.logo-openid {
background: url('/img/openid-logo.svg') no-repeat 6px 8px;
background-size: 16px 16px;
color: #000;
}
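Review bot: `.logo-keycloak` and `.logo-openid` load their images from root-absolute URLs (`url('/img/keycloak-logo.svg')` and `url('/img/openid-logo.svg')`), which will not resolve if the portal is served under a sub-path behind a reverse proxy; a path relative to the stylesheet would avoid that, if the asset layout allows it. Smaller style points: the `flex-direction: column !important` and `flex-direction: row !important` declarations in `.login-container` are missing their trailing semicolons, and the `.btn-openid` rules have no blank line between them unlike the other blocks.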
1 change: 1 addition & 0 deletions assets/img/keycloak-logo.svg
78 changes: 78 additions & 0 deletions assets/img/openid-logo.svg