|
|
|
@ -98,6 +98,76 @@ const auth_config = {
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
starship_oauth: {
|
|
|
|
|
type: 'Oauth2Provider',
|
|
|
|
|
enable: env('AUTH_COREID_ENABLE', false),
|
|
|
|
|
|
|
|
|
|
source_name: env('AUTH_COREID_SOURCE_NAME', 'Starship CoreID'),
|
|
|
|
|
source_client_id: env('AUTH_COREID_CLIENT_ID'),
|
|
|
|
|
source_client_secret: env('AUTH_COREID_CLIENT_SECRET'),
|
|
|
|
|
|
|
|
|
|
// Login page destination where the user will be redirected to on login
|
|
|
|
|
// %c will be interpolated with the client id
|
|
|
|
|
// %r will be interpolated with the redirect callback url
|
|
|
|
|
// NOTE: This url is the same as the login page - /auth/oauth2/login
|
|
|
|
|
source_login_page: env('AUTH_COREID_LOGIN_REDIRECT', 'https://coreid.garrettmills.dev/auth/service/oauth2/authorize?client_id=%c&redirect_uri=%r'),
|
|
|
|
|
|
|
|
|
|
// Information about the OAuth2 Callback
|
|
|
|
|
callback: {
|
|
|
|
|
// URL query parameter name with the authorization_code token
|
|
|
|
|
// e.g. ?code=XXXXXXXXXX
|
|
|
|
|
token_key: 'code',
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
// Information about the endpoint flitter-auth will use to redeem
|
|
|
|
|
// the authorization_code token for a bearer token
|
|
|
|
|
source_token: {
|
|
|
|
|
endpoint: 'https://coreid.garrettmills.dev/auth/service/oauth2/redeem',
|
|
|
|
|
|
|
|
|
|
// Field name where the authorization_code token will be specified in the request
|
|
|
|
|
token_key: 'code',
|
|
|
|
|
|
|
|
|
|
// Field name for the client id
|
|
|
|
|
client_id_key: 'client_id',
|
|
|
|
|
|
|
|
|
|
// Field name for the client secret
|
|
|
|
|
client_secret_key: 'client_secret',
|
|
|
|
|
|
|
|
|
|
// Field name for the grant_type ('authorization_type')
|
|
|
|
|
grant_type_key: 'grant_type',
|
|
|
|
|
|
|
|
|
|
// Field name where the bearer token will be specified in the response
|
|
|
|
|
response_token_key: 'access_token',
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
// Information about the endpoint flitter-auth will use to get
|
|
|
|
|
// user information after it retrieves a bearer token
|
|
|
|
|
user_data: {
|
|
|
|
|
endpoint: 'https://coreid.garrettmills.dev/api/v1/auth/users/me',
|
|
|
|
|
method: 'get', // 'get' or 'post' only
|
|
|
|
|
|
|
|
|
|
// In the response data, what key is the user data in?
|
|
|
|
|
// e.g. if 'data', then {'data': { ... }}
|
|
|
|
|
// Set falsy to assume the data exists in the root: { ... }
|
|
|
|
|
data_root: 'data',
|
|
|
|
|
|
|
|
|
|
// Value that prefixes the token in the 'Authorization: ' header.
|
|
|
|
|
// e.g. 'token ' would mean 'token a0fw93ja0w93ja093wj'
|
|
|
|
|
// 'Bearer ' would be 'Bearer 0329j0239dj209j3209jd'
|
|
|
|
|
// token_prefix: 'token ',
|
|
|
|
|
|
|
|
|
|
// Mapping of user model attributes to OAuth2 return data from the endpoint
|
|
|
|
|
// Note that uuid is not allowed, and uid is required
|
|
|
|
|
attributes: {
|
|
|
|
|
uid: 'username',
|
|
|
|
|
first_name: 'first_name',
|
|
|
|
|
last_name: 'last_name',
|
|
|
|
|
email: 'email',
|
|
|
|
|
roles: 'group_ids',
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
github_oauth: {
|
|
|
|
|
type: 'Oauth2Provider',
|
|
|
|
|
enable: env('AUTH_OAUTH2_ENABLE', true),
|
|
|
|
|