Closed Leen15 closed 1 year ago
Hey @Leen15 this is actually expected.
If we set google/facebook/github as Trusted, then any user from this platform would be able to sign in to the private site.
Trusted providers are meant to be used only on custom OAuth to allow only some users; this is most commonly used to restrict a private site to employees only.
Thank you @goenning, I understand your pov. Unfortunately this totally excludes the option to use Google OAuth with internal applications, commonly used by companies to allow OAuth access only to users with a specific company domain. Also, this excludes the option to use Fider only after a signup (but without the need to manually invite users), preventing anonymous users from using the service.
Are you using Google Workspaces? You should then use custom OAuth and just enter your details there.
The system OAuth is for public access.
Yes we are, but we cannot find any example of how to set it up with a custom OAuth in Fider (https://fider.io/docs/configuring-oauth). Usually we only have to set up ClientID and the Secret for a Google login. Can you give us a hint about what we should set in every field with the Google provider?
If somebody else needs to do the same, this is the configuration to set Google as a custom OAuth Provider:
Client ID: <provided by google>
Client Secret: <provided by google>
Authorize URL: https://accounts.google.com/o/oauth2/auth
Token URL: https://oauth2.googleapis.com/token
Scope: https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile
Profile API URL: https://www.googleapis.com/oauth2/v1/userinfo?alt=json
Trusted Source: Yes
Status: Enabled
You should now be able to access using google.
Fider Cloud or Self Hosted: Self Hosted Fider, version 0.21.1
Describe the bug: We are testing Fider in private mode enabling the Google OAuth provider. We expect that any user can access the service using the OAuth provider as specified in the description of the privacy mode:
A private site prevents unauthenticated users from viewing or interacting with its content. When enabled, only already registered users, invited users and users from trusted OAuth providers will have access to this site.
Instead, only OAuth users that match the email of manually added users can log in. I don't know if it's the reason, but I found a PR (#1068) that should allow OAuth providers to be set as "trusted", BUT it seems that system providers are not set as "Trusted" by default and there is no way to change them (it's hardcoded): https://github.com/getfider/fider/blob/44958bf98a4ca417b9852ebd2cf2fd42a9b4508c/app/services/oauth/oauth.go#L83
Any help on this? Thanks
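
The private-mode rule discussed in this issue, as an added Go example (not Fider's code and not written by anyone in the thread): known users are admitted, unknown users only through a trusted provider, which for a public provider such as Google means every account. The `Site` type, the `Admit` function and the `AllowedDomain` check against the `hd` field of Google's userinfo response are assumptions made for illustration; Fider is not claimed to offer such a setting.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Profile holds the fields used from Google's v1 userinfo response.
type Profile struct {
	Email         string `json:"email"`
	VerifiedEmail bool   `json:"verified_email"`
	HostedDomain  string `json:"hd"` // set only for Google Workspace accounts
}

// Site is a hypothetical model of a private site, not Fider's own type.
type Site struct {
	Known         map[string]bool // registered or invited e-mails, lower case
	AllowedDomain string          // assumed extra restriction; "" disables it
}

// Admit applies the private-mode rule quoted in the issue: known users pass,
// unknown users pass only through a trusted provider.
func Admit(s Site, trusted bool, rawProfile []byte) (bool, error) {
	var p Profile
	if err := json.Unmarshal(rawProfile, &p); err != nil {
		return false, fmt.Errorf("bad profile: %w", err)
	}
	if p.Email == "" || !p.VerifiedEmail {
		return false, nil // assumption: unverified addresses are never accepted
	}
	if s.Known[strings.ToLower(p.Email)] {
		return true, nil
	}
	// A trusted provider admits every account unless a domain is required.
	return trusted && (s.AllowedDomain == "" ||
		strings.EqualFold(p.HostedDomain, s.AllowedDomain)), nil
}

func main() {
	// Constructed profile, not captured from a real account.
	outsider := []byte(`{"email":"someone@gmail.com","verified_email":true}`)
	site := Site{Known: map[string]bool{"invited@example.org": true}}
	open, _ := Admit(site, true, outsider)
	site.AllowedDomain = "example.com"
	narrowed, _ := Admit(site, true, outsider)
	fmt.Println("trusted:", open, "trusted+domain:", narrowed)
}
```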