Auth OIDC #6

Open: wants to merge 78 commits into base: dev

Changes from 1 commit

78 commits
aab4750
extended configuration manager with optional OIDC sections
sjanssen2 Mar 20, 2024
49b0448
flake8
sjanssen2 Mar 20, 2024
2840601
also provide a label for a speaking name of the identity provider
sjanssen2 Mar 20, 2024
f1c9149
start implementing the OIDC dance
sjanssen2 Mar 20, 2024
2eb6d08
modal not necessary, if only one provider was defined
sjanssen2 Mar 20, 2024
48ca02a
error handling of provider not in config file
sjanssen2 Mar 20, 2024
dc4bd20
adding pycurl package to enable tornado curl_httpclients
sjanssen2 Mar 20, 2024
e1f3c13
a new method to create a user, if information do not need to be enter…
sjanssen2 Mar 20, 2024
48f09a5
full OIDC dance implemented
sjanssen2 Mar 20, 2024
baf40df
add an admin page to activate users which requested authorization thr…
sjanssen2 Mar 20, 2024
670a55a
flake8
sjanssen2 Mar 20, 2024
091ffc6
adding menu entry for user authorization
sjanssen2 Mar 20, 2024
1feefc0
do not expose traditional qiita internal user authentication, if OIDC…
sjanssen2 Mar 21, 2024
29ce7dd
use Qiita typical modal for OIDC login
sjanssen2 Mar 21, 2024
2ca5bb8
wrong menu entry affected
sjanssen2 Mar 21, 2024
1b787cb
always allow logout
sjanssen2 Mar 21, 2024
88319b2
improved error handling
sjanssen2 Mar 21, 2024
02d9af0
Merge branch 'dev' of https://github.com/qiita-spots/qiita into auth_…
sjanssen2 Mar 22, 2024
b1e1b6b
revert: let user change their profile, but not password - if provided…
sjanssen2 Mar 22, 2024
a7d3b84
speaking button names + move into correct div to always get displayed
sjanssen2 Mar 22, 2024
125835a
use email from config + loop user_info from OIDC to fill DB
sjanssen2 Mar 22, 2024
5f28092
use OIDC info to prefill user information
sjanssen2 Mar 22, 2024
19b4d7b
drop admin user authorization
sjanssen2 Apr 4, 2024
33f2879
Merge branch 'dev' of https://github.com/qiita-spots/qiita into auth_…
sjanssen2 Apr 4, 2024
c9d413a
using the well-known json dict instead of manually providing multiple…
sjanssen2 Jun 5, 2024
6bfafcb
Merge branch 'dev' of https://github.com/qiita-spots/qiita into auth_…
sjanssen2 Jun 5, 2024
9a5e7cc
flake8
sjanssen2 Jun 5, 2024
b2fc279
flake8
sjanssen2 Jun 5, 2024
5cc0896
add ability to display OIDC logos
sjanssen2 Jun 5, 2024
949084d
add OIDC logo
sjanssen2 Jun 5, 2024
c3b040b
revert to dev branch
sjanssen2 Jun 5, 2024
d96bbae
fixing config manager tests
sjanssen2 Jun 5, 2024
a491870
Merge pull request #7 from jlab/auth_oidc_wellknown
sjanssen2 Jun 5, 2024
b1baece
Merge branch 'dev' of https://github.com/qiita-spots/qiita into auth_…
sjanssen2 Jun 6, 2024
81fdcbf
Merge branch 'dev' of https://github.com/qiita-spots/qiita into auth_…
sjanssen2 Jun 20, 2024
e0c4002
add missing template
sjanssen2 Jun 20, 2024
bb9c685
Merge branch 'add_admin_purge_template' of github.com:jlab/qiita into…
sjanssen2 Jun 20, 2024
79e794a
Merge branch 'dev' of https://github.com/qiita-spots/qiita into auth_…
sjanssen2 Jun 21, 2024
c0e715b
Update CHANGELOG.md
antgonza Oct 12, 2024
d8cb8db
Merge branch 'dev' of github.com:biocore/qiita
antgonza Jan 13, 2025
fdad618
Merge branch 'dev' of github.com:biocore/qiita
antgonza Feb 25, 2025
c9aacec
Merge branch 'master' of github.com:qiita-spots/qiita into auth_oidc_…
sjanssen2 Mar 4, 2025
a5deb83
Merge pull request #10 from jlab/auth_oidc_merged
sjanssen2 Mar 4, 2025
7693c5e
extended configuration manager with optional OIDC sections
sjanssen2 Mar 20, 2024
b4ab605
flake8
sjanssen2 Mar 4, 2025
baa7230
also provide a label for a speaking name of the identity provider
sjanssen2 Mar 20, 2024
52e57ca
start implementing the OIDC dance
sjanssen2 Mar 20, 2024
4061373
modal not necessary, if only one provider was defined
sjanssen2 Mar 20, 2024
51307d1
error handling of provider not in config file
sjanssen2 Mar 20, 2024
7a0ec9f
adding pycurl package to enable tornado curl_httpclients
sjanssen2 Mar 20, 2024
0c365a1
a new method to create a user, if information do not need to be enter…
sjanssen2 Mar 20, 2024
e993a99
full OIDC dance implemented
sjanssen2 Mar 20, 2024
ca5f7f6
add an admin page to activate users which requested authorization thr…
sjanssen2 Mar 20, 2024
4d5c6a2
flake8
sjanssen2 Mar 20, 2024
fd6d15e
adding menu entry for user authorization
sjanssen2 Mar 20, 2024
9c8b824
do not expose traditional qiita internal user authentication, if OIDC…
sjanssen2 Mar 21, 2024
a654e48
use Qiita typical modal for OIDC login
sjanssen2 Mar 21, 2024
27f6d35
always allow logout
sjanssen2 Mar 21, 2024
85bf1fa
improved error handling
sjanssen2 Mar 21, 2024
8a504cc
revert: let user change their profile, but not password - if provided…
sjanssen2 Mar 22, 2024
ef05eed
speaking button names + move into correct div to always get displayed
sjanssen2 Mar 22, 2024
a5270a0
use email from config + loop user_info from OIDC to fill DB
sjanssen2 Mar 22, 2024
2efb70f
use OIDC info to prefill user information
sjanssen2 Mar 22, 2024
c8b1198
drop admin user authorization
sjanssen2 Apr 4, 2024
3d6f718
using the well-known json dict instead of manually providing multiple…
sjanssen2 Jun 5, 2024
3957030
flake8
sjanssen2 Jun 5, 2024
648f2f9
flake8
sjanssen2 Jun 5, 2024
73f92b9
add ability to display OIDC logos
sjanssen2 Jun 5, 2024
0dc243d
add OIDC logo
sjanssen2 Jun 5, 2024
9b81163
fixing config manager tests
sjanssen2 Jun 5, 2024
bb03167
Merge branch 'auth_oidc' of github.com:jlab/qiita into auth_oidc
sjanssen2 Mar 4, 2025
0a29ac2
create necessary "mountpoints" (#3462)
sjanssen2 Mar 9, 2025
a76288b
Merge branch 'master' of github.com:qiita-spots/qiita into auth_oidc
sjanssen2 Mar 11, 2025
8cc718f
Merge branch 'dev' of github.com:qiita-spots/qiita into auth_oidc
sjanssen2 Mar 11, 2025
5ab3ebb
fix sub-directory path (#3464)
sjanssen2 Mar 11, 2025
89cab41
Merge branch 'master' of github.com:qiita-spots/qiita into auth_oidc
sjanssen2 Mar 11, 2025
d0e03de
Fix multiple validation jobs (#3465)
sjanssen2 Mar 12, 2025
1a61930
Merge branch 'dev' of github.com:qiita-spots/qiita into auth_oidc
sjanssen2 Mar 12, 2025
flake8
sjanssen2 committed Mar 4, 2025
commit b4ab605fd6b9873b4d47e05e8601beb9ae2bc361
29 changes: 20 additions & 9 deletions qiita_core/support_files/config_test.cfg
Expand Up @@ -230,10 +230,11 @@ STATS_MAP_CENTER_LONGITUDE =
#[oidc_academicid]
#
## client ID for Qiita as registered at your Identity Provider of choice
#CLIENT_ID =
#CLIENT_ID = gi-qiita-prod
#
## client secret to verify Qiita as the correct client. Not all IdPs require this
#CLIENT_SECRET =
## client secret to verify Qiita as the correct client. Not all IdPs require
## a client secret!
#CLIENT_SECRET = verySecretString
#
## redirect URL (end point in your Qiita instance), to which the IdP redirects
## after user types in his/her credentials. If you don't want to change code in
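Review bot: the sample value in `#CLIENT_SECRET = verySecretString` reads like a usable secret, so an operator who uncomments this block may leave it in place; an obvious placeholder such as `<client secret issued by your IdP>` would be safer. The comment above it says not all IdPs require a client secret but does not say what to do in that case; it should state whether the key is then left empty or omitted.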
Expand All @@ -242,11 +243,21 @@ STATS_MAP_CENTER_LONGITUDE =
## without the oidc_ prefix!
#REDIRECT_ENDPOINT = /auth/login_OIDC/localkeycloak
#
## URL for step 1: obtain code
#AUTHORIZE_URL = https://keycloak.sso.gwdg.de/auth/realms/academiccloud/protocol/openid-connect/auth
## The URL of the well-known json document, specifying how API end points
## like 'authorize', 'token' or 'userinfo' are defined. See e.g.
## https://swagger.io/docs/specification/authentication/
## openid-connect-discovery/
#WELLKNOWN_URI = https://keycloak.sso.gwdg.de/.well-known/openid-configuration
#
## URL for step 2: obtain user token
#ACCESS_TOKEN_URL = https://keycloak.sso.gwdg.de/auth/realms/academiccloud/protocol/openid-connect/token
## a speaking label for the Identity Provider. Section name is used if empty.
#LABEL = GWDG Academic Cloud
#
## URL for step 3: obtain user infos
#USERINFO_URL = https://keycloak.sso.gwdg.de/auth/realms/academiccloud/protocol/openid-connect/userinfo
## The scope, i.e. fields about a user, which Qiita requests from the
## Identity Provider, e.g. "profile email eduperson_orcid".
## Will be automatically extended by the scope "openid", to enable the
## "authorize_code" OIDC flow.
#SCOPE = openid
#
##Optional. Name of a file in qiita_pet/static/img that shall be
##displayed for login through Service Provider, instead of a plain button
#LOGO = oidc_lifescienceAAI.png
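Review bot: `#WELLKNOWN_URI = https://keycloak.sso.gwdg.de/.well-known/openid-configuration` has no realm component, while the three URLs it replaces all sat under `/auth/realms/academiccloud/`; please confirm that this example actually resolves to the discovery document for that realm. In the context lines above, `#REDIRECT_ENDPOINT = /auth/login_OIDC/localkeycloak` does not follow the section name `oidc_academicid` either, although the comment ending in "without the oidc_ prefix!" suggests it should (the test fixture uses `/auth/login_OIDC/academicid`).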
29 changes: 20 additions & 9 deletions qiita_core/tests/test_configuration_manager.py
Expand Up @@ -289,7 +289,7 @@ def test_get_portal_latlong(self):
obs._get_portal(self.conf)
self.assertEqual(obs.stats_map_center_longitude, -105.24827)

def test_get_postgres(self):
def test_get_oidc(self):
SECTION_NAME = 'oidc_academicid'
obs = ConfigurationManager()
self.assertTrue(len(obs.oidc), 1)
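Review bot: on the context line right after the rename, `self.assertTrue(len(obs.oidc), 1)` does not check the count: `assertTrue` takes its second argument as the failure message, so this passes for any non-empty `obs.oidc`. `self.assertEqual(len(obs.oidc), 1)` is what the test appears to intend.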
Expand Down Expand Up @@ -504,8 +504,9 @@ def test_get_postgres(self):
# client ID for Qiita as registered at your Identity Provider of choice
CLIENT_ID = gi-qiita-prod

# client secret to verify Qiita as the correct client. Not all IdPs require this
CLIENT_SECRET =
# client secret to verify Qiita as the correct client. Not all IdPs require
# a client secret.
CLIENT_SECRET = verySecretString

# redirect URL (end point in your Qiita instance), to which the IdP redirects
# after user types in his/her credentials. If you don't want to change code in
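Review bot: with `CLIENT_SECRET = verySecretString` the fixture no longer contains an empty secret, although the comment directly above it states that not all IdPs require one. If the configuration manager is meant to accept an empty `CLIENT_SECRET`, a second OIDC section or test case that leaves it empty would keep that path covered.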
Expand All @@ -514,14 +515,24 @@ def test_get_postgres(self):
# without the oidc_ prefix!
REDIRECT_ENDPOINT = /auth/login_OIDC/academicid

# URL for step 1: obtain code
AUTHORIZE_URL = https://keycloak.sso.gwdg.de/auth/realms/academiccloud/protocol/openid-connect/auth
# The URL of the well-known json document, specifying how API end points
# like 'authorize', 'token' or 'userinfo' are defined. See e.g.
# https://swagger.io/docs/specification/authentication/
# openid-connect-discovery/
WELLKNOWN_URI = https://keycloak.sso.gwdg.de/.well-known/openid-configuration

# a speaking label for the Identity Provider. Section name is used if empty.
LABEL = GWDG Academic Cloud

# URL for step 2: obtain user token
ACCESS_TOKEN_URL = https://keycloak.sso.gwdg.de/auth/realms/academiccloud/protocol/openid-connect/token
# The scope, i.e. fields about a user, which Qiita requests from the
# Identity Provider, e.g. "profile email eduperson_orcid".
# Will be automatically extended by the scope "openid", to enable the
# "authorize_code" OIDC flow.
SCOPE = openid

# URL for step 3: obtain user infos
USERINFO_URL = https://keycloak.sso.gwdg.de/auth/realms/academiccloud/protocol/openid-connect/userinfo
# Optional. Name of a file in qiita_pet/static/img that shall be
# displayed for login through Service Provider, instead of a plain button
LOGO = oidc_lifescienceAAI.png
"""

if __name__ == '__main__':
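Review bot: the fixture sets `SCOPE = openid` although the comment above it says the scope "openid" is added automatically, so the automatic extension is not exercised by this test; the comment's own example value, "profile email eduperson_orcid", would cover it. The comment's "authorize_code" should read "authorization code", the name OIDC uses for that flow; the same wording appears in config_test.cfg.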