请问是否可以开发支持通用的OAuth? 近期是否有计划?谢谢! #23
Comments
|
本身是支持通过配置来适配其他的 OAuth 提供方的,你可以详细描述一下你期望的使用方式。 |
ruibaby
added
kind/feature
|
@ruibaby 老大好! ~ 我的场景是,我自身有一套内部的IDaaS身份认证系统,想通过OAuth来进行内部用户的登录认证。 |
|
Hi @DarkWayne ,你可以试试根据下面的 AuthProvider 样例自己配置一个符合你的认证系统的 AuthProvider: apiVersion: auth.halo.run/v1alpha1
kind: AuthProvider
metadata:
+ name: gitlab
labels:
auth.halo.run/auth-binding: "true"
spec:
+ displayName: GitLab
+ description: GitLab Inc. is an open-core company that operates GitLab, a DevOps software package which can develop, secure, and operate software.
+ logo: /plugins/plugin-oauth2/assets/static/gitlab.svg
+ website: https://gitlab.com
+ authenticationUrl: /oauth2/authorization/gitlab
+ bindingUrl: /apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/connect/gitlab
+ unbindUrl: /apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/disconnect/gitlab
settingRef:
name: generic-oauth2-setting
group: genericOauth
configMapRef:
+ name: oauth2-gitlab-config然后通过 API 创建对应的 AuthProvider,示例如下(需要自行替换 URL、用户名和密码、请求体): curl -X 'POST' \
'http://localhost:8090/apis/auth.halo.run/v1alpha1/authproviders' \
-u admin:admin \
-H 'accept: */*' \
-H 'Content-Type: */*' \
-d '{
"apiVersion": "auth.halo.run/v1alpha1",
"kind": "AuthProvider",
"metadata": {
"name": "gitlab",
"labels": {
"auth.halo.run/auth-binding": "true"
}
},
"spec": {
"displayName": "GitLab",
"description": "GitLab Inc. is an open-core company that operates GitLab, a DevOps software package which can develop, secure, and operate software.",
"logo": "/plugins/plugin-oauth2/assets/static/gitlab.svg",
"website": "https://gitlab.com",
"authenticationUrl": "/oauth2/authorization/gitlab",
"bindingUrl": "/apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/connect/gitlab",
"unbindUrl": "/apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/disconnect/gitlab",
"settingRef": {
"name": "generic-oauth2-setting",
"group": "genericOauth"
},
"configMapRef": {
"name": "oauth2-gitlab-config"
}
}
}' |
|
@JohnNiang 感谢啊! |
|
Hi @DarkWayne ,还需要创建一个 Oauth2ClientRegistration 才行,示例如下: apiVersion: oauth.halo.run/v1alpha1
kind: Oauth2ClientRegistration
metadata:
name: gitlab
spec:
clientAuthenticationMethod: "client_secret_basic"
authorizationGrantType: "authorization_code"
redirectUri: "{baseUrl}/login/oauth2/code/gitlab"
scopes:
- "read_user"
authorizationUri: "https://gitlab.com/oauth/authorize"
tokenUri: "https://gitlab.com/oauth/token"
userInfoUri: "https://gitlab.com/api/v4/user"
userInfoAuthenticationMethod: "header"
userNameAttributeName: "username"
clientName: "GitLab" |
|
@JohnNiang @ruibaby 大神好!我已经做了一下尝试,目前本地的认证服务已通过配置接入了,已经可获取内部用户凭证和信息。 但是仍有个问题,就是无法向halo里自动同步注册用户,看咱们的插件是否有什么解决方案或计划 |
@JohnNiang @ruibaby 两位有空帮回复一下[拱手] |
|
/cc @guqing |
|
你想实现使用 IDaas 已有账户就能登录到 Halo,可能需要一个类似自动注册的功能,比如登录时没有账号就自动注册 Halo 账号关联它,但是目前不支持自动注册只支持先创建 Halo 账号然后绑定第三方账号实现登录或者登录时没有账号需要注册再绑定。 自动注册的功能有计划支持,会提供一个选项比如开启自动注册后使用 OAuth2 登录时自动创建 Halo 账号 |
|
@guqing 感谢感谢!看后续计划的大时间概会很久么? |
不确定,因为目前要维护的仓库实在太多了,主要还是先紧 halo-dev/halo 主仓库的维护 |
|
/reopen |
|
@guqing: Reopened this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
同样需要自定义OAuth和OICD |
1 similar comment
|
同样需要自定义OAuth和OICD |
|
同样需要自定义OAuth和OICD |
请问是否可以开发支持通用的OAuth(接入三方OAuth认证体系)? 近期是否有计划?望答复,谢谢!~~
The text was updated successfully, but these errors were encountered: