kontron / redmine_oauth

Redmine authentication through OAuth.
GNU General Public License v2.0

Custom OIDC provider #24

Closed vladimirdulov closed 6 months ago

vladimirdulov commented 6 months ago

Could you implement an ability to set up a custom OIDC provider?

I think the following settings need to be implemented:

- DISPLAY_NAME to specify custom provider name on the button
- OIDC_AUTH_ENDPOINT e.g. https://my-oidc-provider.url/openid/auth
- OIDC_TOKEN_ENDPOINT e.g. https://my-oidc-provider.url/openid/token
- OIDC_PROFILE_ENDPOINT e.g. https://my-oidc-provider.url/openid/me
- OIDC_CLIENT_ID
- OIDC_CLIENT_SECRET
- OIDC_SCOPE e.g. "openid,profile,email"
- OIDC_UID_FIELD e.g. "sub"
- OIDC_NAME_FIELD e.g. "name"
- OIDC_EMAIL_FIELD e.g. "email"

vladimirdulov commented 6 months ago

I've submitted a PR to implement an ability to set up a custom OIDC provider. @picman please review. https://github.com/kontron/redmine_oauth/pull/25

Looking forward to using your add-on (OIDC auth) in the Redmine app for Cloudron.

gramakri commented 6 months ago

@picman now that #25 is merged, possible to make a new release? Also, this ticket can possibly be closed. Thanks!

picman commented 6 months ago

A few issues before the release:

  1. oauth_custom_uid_field_info: UID field (default - sub)

     What do you mean by 'sub'? If I open the plugin's settings page and switch to the new Custom provider, the field is preset to 'preferred_username' which doesn't correspond with 'sub'.

  2. app/views/hooks/_view_account_login_bottom.html.erb: I suggest the following change in the code to prevent nil.strip when Setting.plugin_redmine_oauth[:custom_name] is not set.

    -- <%= l(:oauth_login_via, oauth: Setting.plugin_redmine_oauth[:custom_name].strip.empty? ? Setting.plugin_redmine_oauth[:oauth_name] : Setting.plugin_redmine_oauth[:custom_name]).html_safe %>
    ++ <%= l(:oauth_login_via, oauth: Setting.plugin_redmine_oauth[:custom_name].blank? ? Setting.plugin_redmine_oauth[:oauth_name] : Setting.plugin_redmine_oauth[:custom_name]).html_safe %>
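
Review bot: .html_safe is still applied to the whole translated string on the ++ line, so whatever is stored in Setting.plugin_redmine_oauth[:custom_name] or Setting.plugin_redmine_oauth[:oauth_name] is rendered unescaped in the login view. Replacing .strip.empty? with .blank? covers the nil case and still treats a whitespace-only name as unset, but consider escaping the interpolated name (for example with h(...)) before marking the result html_safe, or dropping html_safe if the :oauth_login_via translation carries no markup.
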
  3. Shouldn't the new settings field be initialized in init.rb too?

vladimirdulov commented 6 months ago

> A few issues before the release:
>
> 1. oauth_custom_uid_field_info: UID field (default - sub)
>
> What do you mean by 'sub'? If I open the plugin's settings page and switch to the new Custom provider, the field is preset to 'preferred_username' which doesn't correspond with 'sub'.

sub is the identity of the user, called subject in OpenID. I think preferred_username also works well as the default value.

https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims

> 2. app/views/hooks/_view_account_login_bottom.html.erb: I suggest the following change in the code to prevent nil.strip when Setting.plugin_redmine_oauth[:custom_name] is not set.
-- <%= l(:oauth_login_via, oauth: Setting.plugin_redmine_oauth[:custom_name].strip.empty? ? Setting.plugin_redmine_oauth[:oauth_name] : Setting.plugin_redmine_oauth[:custom_name]).html_safe %>
++ <%= l(:oauth_login_via, oauth: Setting.plugin_redmine_oauth[:custom_name].blank? ? Setting.plugin_redmine_oauth[:oauth_name] : Setting.plugin_redmine_oauth[:custom_name]).html_safe %>

Good point, agree.

> 3. Shouldn't the new settings field be initialized in init.rb too?

Probably you are absolutely correct, sorry I missed it (tbh I'm not a ruby/redmine dev).

Just created a new PR for the suggested changes. https://github.com/kontron/redmine_oauth/pull/27

picman commented 6 months ago

Thanks.
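
Added example, not part of the thread or the plugin's code: the claim mapping that the UID field discussion above concerns, in plain Ruby. OpenID Connect Core states that only `sub` (together with the issuer) is a stable, unique identifier and that `preferred_username` must not be relied on as unique. The settings keys `:uid_field`, `:name_field` and `:email_field` are hypothetical names mirroring the proposed OIDC_*_FIELD settings, and the sample userinfo responses are constructed.

```ruby
require 'json'

class ClaimError < StandardError; end

# Plain-Ruby stand-in for ActiveSupport's blank?: nil, empty or whitespace-only.
def blank_value?(value)
  value.nil? || value.to_s.strip.empty?
end

# Map a userinfo JSON document to a local identity.
# The settings keys are hypothetical, not the plugin's real setting names.
def map_identity(userinfo_json, settings)
  claims = JSON.parse(userinfo_json)
  raise ClaimError, 'userinfo is not a JSON object' unless claims.is_a?(Hash)

  # An unset or whitespace-only setting falls back to the standard claim name.
  field = lambda do |key, default|
    blank_value?(settings[key]) ? default : settings[key].to_s.strip
  end
  uid_field = field.call(:uid_field, 'sub')
  uid = claims[uid_field]
  # Refuse the login when the identifier claim is absent or unusable.
  unless uid.is_a?(String) && !blank_value?(uid)
    raise ClaimError, "claim '#{uid_field}' missing or not a string"
  end

  { uid: uid,
    name: claims[field.call(:name_field, 'name')],
    email: claims[field.call(:email_field, 'email')] }
end

# Constructed sample responses: two different provider accounts (distinct sub)
# that carry the same preferred_username.
ALICE_OLD = '{"sub":"a1f3","preferred_username":"alice","name":"Alice A","email":"alice@example.org"}'
ALICE_NEW = '{"sub":"9c7e","preferred_username":"alice","name":"Alice B","email":"alice.b@example.org"}'

# True when both responses would be matched to the same local account.
def same_account?(json_a, json_b, settings)
  map_identity(json_a, settings)[:uid] == map_identity(json_b, settings)[:uid]
end

if __FILE__ == $PROGRAM_NAME
  puts same_account?(ALICE_OLD, ALICE_NEW, { uid_field: 'preferred_username' }) # true
  puts same_account?(ALICE_OLD, ALICE_NEW, { uid_field: 'sub' })                # false
  puts same_account?(ALICE_OLD, ALICE_NEW, { uid_field: nil })                  # false
end
```

With `preferred_username` as the UID field, both provider accounts resolve to the same local identifier; with `sub` (or an unset field, which falls back to `sub`) they stay distinct.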