🔧 add OIDC scope option

This commit is contained in:
noway_/ 2024-07-16 14:00:03 +02:00
parent 66dac6ff6d
commit 9547c3baec
4 changed files with 11 additions and 3 deletions


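--- a/PATH-NOT-SHOWN-ON-PAGE-FILE-1
+++ b/PATH-NOT-SHOWN-ON-PAGE-FILE-1
@@ -15,6 +15,7 @@
 - [Setting up Keycloak](#2-setup-keycloak-users)
 - [Configuring Dashy for Keycloak](#3-enable-keycloak-in-dashy-config-file)
 - [Toubleshooting Keycloak](#troubleshooting-keycloak)
+- [OpenID Connect](#oidc)
 - [Alternative Authentication Methods](#alternative-authentication-methods)
 - [VPN](#vpn)
 - [IP-Based Access](#ip-based-access)
@@ -283,6 +284,7 @@ appConfig:
 oidc:
 clientId: [registered client id]
 endpoint: [OIDC endpoint]
+scope: [The scope(s) to request from the OIDC provider]
 ```
 Because Dashy is a SPA, a [public client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1) registration with PKCE is needed.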


@ -202,6 +202,7 @@ For more info, see the **[Authentication Docs](/docs/authentication.md)**
--- | --- | --- | --- --- | --- | --- | ---
**`clientId`** | `string` | Required | The client id registered in the OIDC server **`clientId`** | `string` | Required | The client id registered in the OIDC server
**`endpoint`** | `string` | Required | The URL of the OIDC server that should be used. **`endpoint`** | `string` | Required | The URL of the OIDC server that should be used.
**`scope`** | `string` | Required | The scope(s) to request from the OIDC provider
**[⬆️ Back to Top](#configuring)** **[⬆️ Back to Top](#configuring)**


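--- a/PATH-NOT-SHOWN-ON-PAGE-FILE-3
+++ b/PATH-NOT-SHOWN-ON-PAGE-FILE-3
@@ -565,7 +565,12 @@
 "title": "OIDC Client Id",
 "type": "string",
 "description": "ClientId from OIDC provider"
-}
+},
+"scope" : {
+"title": "OIDC Scope",
+"type": "string",
+"description": "The scope(s) to request from the OIDC provider"
+}
 }
 },
 "enableHeaderAuth": {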
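Review bot: The new `"scope"` entry declares only a title, type and description, so the schema neither supplies the value the runtime previously hard-coded nor marks the key as mandatory, while the configuring-docs table in this same commit lists `scope` as Required; the hunk does not show the enclosing object's `required` array, so whether it was updated cannot be confirmed from here. If existing configs that omit `scope` are meant to keep working, a default keeps the schema-driven config editor and the runtime in step, e.g. `"default": "openid profile email roles groups"` added after the `"description"` line; otherwise the docs and the `required` list should agree that the key is mandatory. Whichever value is used, `openid` has to remain in it, since an authorization request without that scope is not an OpenID Connect request and the provider will not return an ID token.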


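--- a/PATH-NOT-SHOWN-ON-PAGE-FILE-4
+++ b/PATH-NOT-SHOWN-ON-PAGE-FILE-4
@@ -13,14 +13,14 @@ const getAppConfig = () => {
 class OidcAuth {
 constructor() {
 const { auth } = getAppConfig();
-const { clientId, endpoint } = auth.oidc;
+const { clientId, endpoint, scope } = auth.oidc;
 const settings = {
 userStore: new WebStorageStateStore({ store: window.localStorage }),
 authority: endpoint,
 client_id: clientId,
 redirect_uri: `${window.location.origin}`,
 response_type: 'code',
-scope: 'openid profile email roles groups',
+scope,
 response_mode: 'query',
 filterProtocolClaims: true,
 };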
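Review bot: The changed `scope,` line passes the config value straight through, so a config written before this commit, which has no `scope` key, now sets `scope: undefined` where the old code sent `'openid profile email roles groups'`; deployments that relied on the `roles` and `groups` claims would silently stop receiving them (or receive whatever the client library substitutes for an undefined scope), which is a hard-to-diagnose authorization regression rather than a visible error. A fallback keeps the option backward-compatible, `scope: scope ?? 'openid profile email roles groups',`, using `??` rather than `||` so that only a missing key triggers the fallback. Since the value now comes from config, it is also worth validating at construction that it contains `openid`, because without it the provider will not issue an ID token and the login silently degrades. The constructor continues past the end of the hunk, so where `settings` is consumed is not visible here.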