bugy / script-server

Web UI for your scripts with execution management

feat: add support for azure ad oauth #745

Closed 0lionelzhang0 closed 2 months ago

0lionelzhang0 commented 7 months ago

With regards to #741. Adds support for Azure AD OAuth.

bugy commented 3 months ago

I'm so sorry for missing it. Will review it now

0lionelzhang0 commented 3 months ago

Authentication.md wiki snippet:

## Azure AD OAuth

Script server can authenticate users via Azure AD OAuth. `auth_url`, `token_url`, `client_id`, and `secret` properties should be acquired from Azure and configured in the Script server.

### Instructions
- Log in to [Azure Portal](https://portal.azure.com).
- Click **Microsoft Entra ID** in the side menu. If you have access to more than one tenant, select your account in the upper right and set your session to the Entra ID tenant you wish to use.
- Under **Manage** in the side menu, click **App Registrations** > **New Registration**.
- Enter a descriptive name.
- Under **Redirect URI**, select the app type **Web**.
- Add the following redirect URLs:
  - `<script-server-url>/login.html`
  - `<script-server-url>`
- Click **Register**. The app’s Overview page opens.
- Note the **Application ID**. This is the OAuth client ID (`client_id`).
- Click **Endpoints** from the top menu.
  - Note the OAuth 2.0 authorization endpoint (v2) URL (`auth_url`).
  - Note the OAuth 2.0 token endpoint (v2) URL (`token_url`).
- Click **Certificates & secrets** in the side menu.
- Add a new entry under **Client secrets** with the following configuration:
  - **Description**: Grafana OAuth
  - **Expires**: Select an expiration period
- Click **Add** then copy the key value. This is the OAuth client secret (`secret`).

### Options
* `type` (required) - should be `azure_ad_oauth`
* `auth_url` (required) - e.g. `https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/authorize`
* `token_url` (required) - e.g. `https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token`
* `client_id` (required) - OAuth client ID
* `secret` (required) - OAuth client secret
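
A pre-deployment consistency check for the options listed above, as an added example that is not part of this PR or of Script server's own code. It assumes the options sit under an `auth` key in the server's JSON config; the function name `check_azure_auth` and all sample IDs are constructed.

```python
import re
from urllib.parse import urlsplit

REQUIRED = ("type", "auth_url", "token_url", "client_id", "secret")
# Path shape of the v2 endpoints shown in the Options list.
ENDPOINT = re.compile(r"^/([^/]+)/oauth2/v2\.0/(authorize|token)$")

def check_azure_auth(conf):
    """Return a list of problems in the auth section of a parsed config."""
    auth = conf.get("auth", {})  # assumption: options live under "auth"
    errors = [f"missing required option: {k}" for k in REQUIRED if not auth.get(k)]
    if auth.get("type") and auth["type"] != "azure_ad_oauth":
        errors.append("type should be azure_ad_oauth")
    seen = {}
    for name, kind in (("auth_url", "authorize"), ("token_url", "token")):
        if not auth.get(name):
            continue
        parts = urlsplit(auth[name])
        if parts.scheme != "https":
            errors.append(f"{name}: must use https")
        m = ENDPOINT.match(parts.path)
        if not m or m.group(2) != kind:
            errors.append(f"{name}: not a v2.0 {kind} endpoint")
            continue
        if "<" in m.group(1):
            errors.append(f"{name}: tenant placeholder was not replaced")
        seen[name] = (parts.hostname, m.group(1).lower())
    # Both endpoints must belong to the same login host and tenant.
    if len(seen) == 2 and seen["auth_url"] != seen["token_url"]:
        errors.append("auth_url and token_url use different hosts or tenants")
    return errors

# Constructed sample values; the IDs and secret are not real.
BASE = "https://login.microsoftonline.com/"
TENANT = "11111111-2222-3333-4444-555555555555"
GOOD = {"auth": {
    "type": "azure_ad_oauth",
    "auth_url": BASE + TENANT + "/oauth2/v2.0/authorize",
    "token_url": BASE + TENANT + "/oauth2/v2.0/token",
    "client_id": "00000000-0000-0000-0000-000000000000",
    "secret": "constructed-secret",
}}

if __name__ == "__main__":
    print(check_azure_auth(GOOD) or "auth section looks consistent")
```
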

tvalenta commented 1 month ago

@bugy is there a dev release of this anywhere that can be downloaded?

bugy commented 1 month ago

https://github.com/bugy/script-server/releases/tag/dev

tvalenta commented 1 month ago

The dev release has a date of December 2023. Am I misreading it?

bugy commented 1 month ago

@tvalenta oh, the build was not running for a long time already :( I sent a message to travis team to provide more build credits, so the builds can run again.

tvalenta commented 1 month ago

> @tvalenta oh, the build was not running for a long time already :( I sent a message to travis team to provide more build credits, so the builds can run again.

I'd like to give this build a try -- any chance CI/CD would now build the dev release?

bugy commented 1 month ago

@tvalenta the build should be ready now :) sorry for delay