Is it possible to develop support for generic OAuth? Is there a plan for this in the near future? Thanks! #23
Comments
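Adapting to other OAuth providers through configuration is already supported. Could you describe in detail how you expect to use it? |
@ruibaby Hi boss! ~ My scenario is that I have my own internal IDaaS identity authentication system and want to use OAuth to authenticate internal users at login. |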
Hi @DarkWayne, you can try configuring an AuthProvider that fits your authentication system yourself, based on the AuthProvider sample below:

```diff
 apiVersion: auth.halo.run/v1alpha1
 kind: AuthProvider
 metadata:
+  name: gitlab
   labels:
     auth.halo.run/auth-binding: "true"
 spec:
+  displayName: GitLab
+  description: GitLab Inc. is an open-core company that operates GitLab, a DevOps software package which can develop, secure, and operate software.
+  logo: /plugins/plugin-oauth2/assets/static/gitlab.svg
+  website: https://gitlab.com
+  authenticationUrl: /oauth2/authorization/gitlab
+  bindingUrl: /apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/connect/gitlab
+  unbindUrl: /apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/disconnect/gitlab
   settingRef:
     name: generic-oauth2-setting
     group: genericOauth
   configMapRef:
+    name: oauth2-gitlab-config
```

Then create the corresponding AuthProvider through the API, as in the following example (you need to replace the URL, the username and password, and the request body yourself):

```bash
curl -X 'POST' \
  'http://localhost:8090/apis/auth.halo.run/v1alpha1/authproviders' \
  -u admin:admin \
  -H 'accept: */*' \
  -H 'Content-Type: */*' \
  -d '{
  "apiVersion": "auth.halo.run/v1alpha1",
  "kind": "AuthProvider",
  "metadata": {
    "name": "gitlab",
    "labels": {
      "auth.halo.run/auth-binding": "true"
    }
  },
  "spec": {
    "displayName": "GitLab",
    "description": "GitLab Inc. is an open-core company that operates GitLab, a DevOps software package which can develop, secure, and operate software.",
    "logo": "/plugins/plugin-oauth2/assets/static/gitlab.svg",
    "website": "https://gitlab.com",
    "authenticationUrl": "/oauth2/authorization/gitlab",
    "bindingUrl": "/apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/connect/gitlab",
    "unbindUrl": "/apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/disconnect/gitlab",
    "settingRef": {
      "name": "generic-oauth2-setting",
      "group": "genericOauth"
    },
    "configMapRef": {
      "name": "oauth2-gitlab-config"
    }
  }
}'
```

|
@JohnNiang Thank you! |
Hi @DarkWayne, you also need to create an Oauth2ClientRegistration. Here is an example:

```yaml
apiVersion: oauth.halo.run/v1alpha1
kind: Oauth2ClientRegistration
metadata:
  name: gitlab
spec:
  clientAuthenticationMethod: "client_secret_basic"
  authorizationGrantType: "authorization_code"
  redirectUri: "{baseUrl}/login/oauth2/code/gitlab"
  scopes:
    - "read_user"
  authorizationUri: "https://gitlab.com/oauth/authorize"
  tokenUri: "https://gitlab.com/oauth/token"
  userInfoUri: "https://gitlab.com/api/v4/user"
  userInfoAuthenticationMethod: "header"
  userNameAttributeName: "username"
  clientName: "GitLab"
```

|
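
The `gitlab` id appears in the AuthProvider paths and in the registration's `redirectUri`, so a copy adapted for another provider has to change all of them together. The added example below (not code from the plugin or from the commenters) checks a pair for that and for non-https IdP endpoints; it assumes the id in each path must equal `metadata.name`, as in the samples, and the `idaas` id, the `idaas.example.internal` host and its endpoint paths are constructed placeholders.

```python
from urllib.parse import urlparse

# Path prefix copied from the AuthProvider sample in the thread.
API = "/apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2"

def lint(provider, registration):
    """Return the cross-reference and transport problems in a provider pair."""
    problems = []
    reg_id = registration["metadata"]["name"]
    pspec, rspec = provider["spec"], registration["spec"]
    # Assumption: both resources and every id-bearing path share one name.
    if provider["metadata"]["name"] != reg_id:
        problems.append("metadata.name differs between the two resources")
    for key in ("authenticationUrl", "bindingUrl", "unbindUrl"):
        if pspec[key].rsplit("/", 1)[-1] != reg_id:
            problems.append(f"{key} does not end in /{reg_id}")
    if not rspec["redirectUri"].endswith(f"/login/oauth2/code/{reg_id}"):
        problems.append("redirectUri does not end in the registration id")
    # Authorization codes, the client secret and tokens cross these endpoints.
    for key in ("authorizationUri", "tokenUri", "userInfoUri"):
        if urlparse(rspec[key]).scheme != "https":
            problems.append(f"{key} is not https")
    return problems

def sample_pair(reg_id="idaas", idp="https://idaas.example.internal"):
    """Constructed pair for a hypothetical internal IdP (placeholder values)."""
    provider = {
        "metadata": {"name": reg_id},
        "spec": {
            "authenticationUrl": f"/oauth2/authorization/{reg_id}",
            "bindingUrl": f"{API}/connect/{reg_id}",
            "unbindUrl": f"{API}/disconnect/{reg_id}",
        },
    }
    registration = {
        "metadata": {"name": reg_id},
        "spec": {
            "redirectUri": "{baseUrl}/login/oauth2/code/" + reg_id,
            "authorizationUri": f"{idp}/oauth/authorize",
            "tokenUri": f"{idp}/oauth/token",
            "userInfoUri": f"{idp}/userinfo",
        },
    }
    return provider, registration

if __name__ == "__main__":
    provider, registration = sample_pair()
    provider["spec"]["unbindUrl"] = f"{API}/disconnect/gitlab"  # left over from the sample
    registration["spec"]["tokenUri"] = "http://idaas.example.internal/oauth/token"
    print("\n".join(lint(provider, registration)))
```
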
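@JohnNiang @ruibaby Hi experts! I have given it a try. My local authentication service is now connected through configuration, and I can already obtain internal users' credentials and information. However, there is still one problem: users cannot be automatically synchronized and registered into Halo. Does our plugin have any solution or plan for this? |
@JohnNiang @ruibaby Could you two reply when you have time? [salute] |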
/cc @guqing |
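If you want to log in to Halo with existing IDaaS accounts, you may need something like an auto-registration feature, for example automatically registering a Halo account and linking it when there is no account at login. However, auto-registration is currently not supported. The only supported options are to create a Halo account first and then bind the third-party account in order to log in, or, when there is no account at login, to register and then bind. Support for auto-registration is planned: there will be an option so that, for example, once auto-registration is enabled, a Halo account is created automatically when logging in with OAuth2. |
@guqing Thank you very much! Will the rough timeline for the follow-up plan be very long? |
Not sure, because there are really too many repositories to maintain at the moment. The priority is still maintaining the main halo-dev/halo repository first. |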
/reopen |
@guqing: Reopened this issue. |
Also need custom OAuth and OIDC |
Also need custom OAuth and OIDC |
Also need custom OAuth and OIDC |
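/ping @halo-sigs/halo, we can consider providing the ability to add ClientRegistration and AuthProvider in the Console now. |
No time for now. I suggest compiling this plugin yourself following #71. |
If acceptable, for now use the https://www.halo.run/store/apps/app-MrbzY plugin to manually create (or modify) a custom OAuth2ClientRegistration and AuthProvider. |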
Hi @Corps-Cy, I suggest submitting a new issue. Also, you need to provide enough information, such as logs. |
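Is it possible to develop support for generic OAuth (integrating with a third-party OAuth authentication system)? Is there a plan for this in the near future? Looking forward to your reply, thanks!~~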