Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

✨ 增加OIDC登入功能 #2028

Merged
merged 19 commits into from
Jan 17, 2023
Merged

✨ 增加OIDC登入功能 #2028

merged 19 commits into from
Jan 17, 2023

Conversation

shing6326
Copy link
Contributor

这个pull request 增加了keycloak / oidc 登入选项, 基本上打开以下参数就可连结keycloak

ENABLE_OIDC="True"
OIDC_RP_ISSUER_URL="https://keycloak.example.com/realms/"
OIDC_RP_CLIENT_ID=""
OIDC_RP_CLIENT_SECRET=""

Copy link
Collaborator

@LeoQuote LeoQuote left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

非常感谢你的贡献, 但是这个配置方式好复杂, 你能否实现一个支持 自动发现的配置, 让管理员只填:

  1. discovery url
  2. client id + client secret
  3. kwargs (包括 scope 等)

这些需要的配置实际上都可以通过 requests 请求得到, 实现的难度应该不高

@LeoQuote
Copy link
Collaborator

我个人也很期待这个功能, 内部 oidc 已经有了, 就等这个功能完成, 接入了

@shing6326
Copy link
Contributor Author

好的, 我加一下

@shing6326
Copy link
Contributor Author

除了oidc.auth.OIDCAuthenticationBackend, https://github.com/mozilla/mozilla-django-oidc/blob/main/mozilla_django_oidc/middleware.py 也要调用OIDC_OP_AUTHORIZATION_ENDPOINT, 所以那个requests 只能在settings.py 里面跑

archery/settings.py Outdated Show resolved Hide resolved
@LeoQuote
Copy link
Collaborator

等一下 #2030 这个merge , 需要把 CI 修好

@LeoQuote
Copy link
Collaborator

lint 修一下哈, 你装一下 black 执行下就行了

@shing6326
Copy link
Contributor Author

lint 修一下哈, 你装一下 black 执行下就行了

完成, 謝謝了

@LeoQuote
Copy link
Collaborator

看看测试错误, 关注一下哦

@codecov
Copy link

codecov bot commented Jan 12, 2023

Codecov Report

Base: 75.08% // Head: 75.00% // Decreases project coverage by -0.08% ⚠️

Coverage data is based on head (d32554c) compared to base (c0f41a4).
Patch coverage: 19.04% of modified lines in pull request are covered.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #2028      +/-   ##
==========================================
- Coverage   75.08%   75.00%   -0.09%     
==========================================
  Files         102      102              
  Lines       14759    14779      +20     
==========================================
+ Hits        11082    11085       +3     
- Misses       3677     3694      +17     
Impacted Files Coverage Δ
archery/urls.py 100.00% <ø> (ø)
sql/views.py 64.11% <ø> (ø)
archery/settings.py 62.50% <15.00%> (-13.98%) ⬇️
common/middleware/check_login_middleware.py 100.00% <100.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@shing6326
Copy link
Contributor Author

看看测试错误, 关注一下哦

現在只有code coverage 沒過, 是不是不用管的?

@LeoQuote
Copy link
Collaborator

嗯嗯, 现在可以了

archery/settings.py Outdated Show resolved Hide resolved
Copy link
Collaborator

@LeoQuote LeoQuote left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@LeoQuote LeoQuote merged commit 4fdf73c into hhyo:master Jan 17, 2023
@updogliu
Copy link

updogliu commented Feb 7, 2023

When will this feature be released? @LeoQuote

@wjlsq
Copy link

wjlsq commented Sep 12, 2023

@LeoQuote
您好,我想问下,oidc怎么配置?是只需要在.env中添加如下参数就可以吗?下边参数,我应该在oidc管理员处获取到么?
ENABLE_OIDC="True"
OIDC_RP_ISSUER_URL=""
OIDC_RP_CLIENT_ID=""
OIDC_RP_CLIENT_SECRET=""

@zhangzhaox
Copy link

希望有个OIDC功能开启的配置手册说明,谢谢

@yangguocang
Copy link

有没有关闭OIDC_VERIFY_SSL 认证的参数呀

@arthas3014
Copy link

有没有关闭OIDC_VERIFY_SSL 认证的参数呀

你好我想问下您配置oidc成功了吗,回调的uri应该填什么路径呢

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants