gogatekeeper / gatekeeper

An OpenID / Proxy service
https://gogatekeeper.github.io/gatekeeper/
Apache License 2.0

Support for query parameter at /oauth/authorize endpoint #452

Closed eratolekov closed 2 months ago

eratolekov commented 2 months ago

Support of ui_locales query parameter at /oauth/authorize endpoint

Summary

The multi language web application generates Keycloak's login link based on the language selected. And Keycloak opens login page with that language (without action from user).

Why?

Useful for user's experience. Right now user should choose language at web application, then should choose language at keycloak's login page.

How

  1. Web Application generates link /oauth/authorize?ui_locales=it
  2. Gogatekeeper redirects to /realms/xxx/protocol/openid-connect/auth?access_type=online&client_id=gogatekeeper&redirect_uri=...&response_type=code&scope=email+profile+openid&ui_locales=it
  3. At Keycloak's login page the IT language is selected immediately

Acceptance criteria

Additional Information

https://www.keycloak.org/docs/latest/server_admin/#_user_locale_selection

p53 commented 2 months ago

Hi, thank you for creating the issue! Will have a look.

p53 commented 2 months ago

@eratolekov I added a new param --allowed-query-params; you can define params which will be forwarded, e.g. --allowed-query-params="ui_locales=". You can also restrict it to a concrete value (only one): --allowed-query-params="ui_locales=it". There is a 2.11.0-rc2 image.

eratolekov commented 2 months ago

Hi p53

Thanks for spending your time.

I've added allowed-query-params to config, but I had an error:

[error] unable to read the configuration file: /etc/gatekeeper/config.yaml, error: yaml: unmarshal errors:
  line 1: cannot unmarshal !!str `myparam=` into map[string]string

My config.yaml:

allowed-query-params: myparam=
client-id: gogatekeeper
...

Also I tried:

allowed-query-params: myparam=qwe
allowed-query-params: "myparam="
allowed-query-params: "myparam=qwe"

With the same result.

I've read the instructions at https://gogatekeeper.github.io/gatekeeper/userguide/#allowed-query-params-for-authentication. It's not clear to me where I went wrong.

Version: quay.io/gogatekeeper/gatekeeper:2.11.0-rc2

p53 commented 2 months ago

@eratolekov the examples in the docs are command line flags, not YAML config... so for YAML config it should be:

allowed-query-params:
  myparam: qwe
  secondparam: two

p53 commented 2 months ago

Will update the docs to also include a YAML example.

eratolekov commented 2 months ago

M-m-m, my fault. Now it works like a charm, thanks.
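
The allow-list behaviour described in this thread (forward a query parameter with any value, or only with one pinned value, using the same name-to-value map shape as the YAML config), sketched in Go as an added example; it is not gatekeeper's code. The function names, the idp.example URL, rejecting a pinned-value mismatch with an error, and letting the proxy's own parameters win are assumptions of the example.

```go
package main

import (
	"fmt"
	"net/url"
)

// filterQueryParams keeps only parameters named in allowed. An empty allowed
// value accepts any value (like --allowed-query-params="ui_locales="); a
// non-empty one pins the parameter to that value. Assumptions of this example:
// a pinned-value mismatch is an error, unlisted parameters are dropped.
func filterQueryParams(incoming url.Values, allowed map[string]string) (url.Values, error) {
	out := url.Values{}
	for name, pinned := range allowed {
		if !incoming.Has(name) {
			continue
		}
		got := incoming.Get(name) // first value only; repeats are ignored
		if pinned != "" && got != pinned {
			return nil, fmt.Errorf("query parameter %q: value %q is not allowed", name, got)
		}
		out.Set(name, got)
	}
	return out, nil
}

// buildAuthURL adds the filtered parameters to the proxy's own authorization
// parameters. The proxy's values overwrite forwarded ones (assumption).
func buildAuthURL(authEndpoint string, own, incoming url.Values, allowed map[string]string) (string, error) {
	extra, err := filterQueryParams(incoming, allowed)
	if err != nil {
		return "", err
	}
	for name, values := range own { // client_id, redirect_uri, ... cannot be overridden
		extra[name] = values
	}
	return authEndpoint + "?" + extra.Encode(), nil
}

func main() {
	own := url.Values{"client_id": {"gogatekeeper"}, "response_type": {"code"}}
	// Constructed request: one allowed parameter, one override attempt, one unlisted.
	in, _ := url.ParseQuery("ui_locales=it&client_id=other&foo=bar")
	u, err := buildAuthURL("https://idp.example/auth", own, in, map[string]string{"ui_locales": ""})
	fmt.Println(u, err)
}
```
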