Closed alvinchow86 closed 8 years ago
Added in PR #85
@scragg0x nice to see that auth branch merged in. Did you implement something like `GITHUB_AUTHORIZED_ORG` or `GITHUB_AUTHORIZED_USERNAMES`, to automatically authenticate users based on Github membership?
I haven't but it's a good idea.
Implementing alternative user authentication using Github OAuth2, using Github Flask (https://github-flask.readthedocs.org/en/latest/). Tested and works. You need to register a Github OAuth application, and then set these in your config JSON:

- `GITHUB_CLIENT_ID`
- `GITHUB_CLIENT_SECRET`
- `GITHUB_AUTHORIZED_ORG`: right now provides login access to a Github user that's a member of this organization
- `REGISTRATION_ENABLED=false`: no need to register new accounts
- `BASE_URL`: set this to the URL the wiki is hosted on (necessary for the OAuth2 callback).

Basically when a user clicks on "Sign in with Github", they go to Github, authorize this application, and Github redirects to the wiki with an OAuth2 access token. We then use this to fetch the user's username/email/organization membership, and log them in if it matches.

This is a proof of concept, and I'm not 100% happy with the integration into the existing codebase. I basically added a separate app/module called `github`, and use it for doing auth instead of the existing `auth` module. Originally I tried to fit the code in `auth`, but I wanted to avoid needing to have a DB-backed User model because you don't really need it anymore. Another approach might be to make a more generic `oauth`.

We might want to look into making this more generic and supporting other OAuth backends (e.g. Google). For me Github makes sense because I can imagine this wiki being popular for programming teams moving off of Github wikis. If a team is already set up on Github, this makes for a very smooth transition, as people don't have to make a new account. (May make sense to also set `PRIVATE_WIKI=true`.)

Upcoming changes:

- `github` app should be `github_auth`
- `GITHUB_AUTHORIZED_USERNAMES` to whitelist by usernames in addition to organization.
- `?next` redirect after-login working again

Can also get ideas from https://github.com/scragg0x/realms-wiki/pull/79

https://developer.github.com/v3/oauth/
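The login flow and whitelist logic the PR description lays out (redirect to Github with `BASE_URL`-derived callback, come back with a code, look up the user and their organizations, allow only members of `GITHUB_AUTHORIZED_ORG` or names in `GITHUB_AUTHORIZED_USERNAMES`, then honour `?next`), as an added Python example. This is not the PR's code and not Github-Flask: the `github` client object with `exchange_code`/`get`, the plain-dict `args`/`session`, the `/login/github/callback` path and the `read:org user:email` scope set are assumptions, and `FakeGithub` is a constructed stand-in so the block runs offline. It adds two checks the description does not mention but a real deployment needs: the OAuth2 `state` parameter is generated and verified to stop login CSRF, and `?next` is restricted to same-site paths so it cannot be used as an open redirect.

```python
"""GitHub OAuth2 login with organization / username whitelisting.

Added example for this thread; not realms-wiki or Github-Flask code.
Assumed: a `github` object doing the HTTP (exchange_code / get), plain dicts
for request args and the session, and the callback path below.
"""
import hmac
import secrets
from urllib.parse import urlencode, urlsplit

GITHUB_AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
CALLBACK_PATH = "/login/github/callback"  # assumed; must match the registered OAuth app


def safe_next(next_url, default="/"):
    """Allow only same-site absolute paths for ?next so it cannot become an open redirect."""
    if not next_url or "\\" in next_url:  # "/\evil" is treated as "//evil" by some browsers
        return default
    parts = urlsplit(next_url)
    if parts.scheme or parts.netloc or not next_url.startswith("/") or next_url.startswith("//"):
        return default
    return next_url


def start_login(args, session, config):
    """Stash ?next and a random state in the session; return the GitHub authorize URL."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    session["next"] = safe_next(args.get("next"))
    params = {
        "client_id": config["GITHUB_CLIENT_ID"],
        # BASE_URL rather than the request Host header, so redirect_uri is right behind a proxy.
        "redirect_uri": config["BASE_URL"].rstrip("/") + CALLBACK_PATH,
        # read:org is assumed to be needed for /user/orgs to include private memberships.
        "scope": "read:org user:email",
        "state": state,
    }
    return GITHUB_AUTHORIZE_URL + "?" + urlencode(params)


def is_authorized(login, org_logins, authorized_org=None, authorized_usernames=()):
    """Username whitelist first; otherwise membership in GITHUB_AUTHORIZED_ORG is required."""
    if login.lower() in {u.lower() for u in authorized_usernames}:
        return True
    if authorized_org and authorized_org.lower() in {o.lower() for o in org_logins}:
        return True
    return False


def handle_callback(args, session, github, config):
    """Process the redirect back from GitHub and decide whether to log the user in."""
    expected = session.pop("oauth_state", None)
    got = args.get("state", "")
    if not expected or not hmac.compare_digest(expected.encode(), got.encode()):
        return {"status": 403, "reason": "oauth state mismatch"}  # login CSRF guard
    code = args.get("code")
    if not code:
        return {"status": 400, "reason": "missing code"}
    token = github.exchange_code(code)  # POST https://github.com/login/oauth/access_token
    user = github.get("/user", token)
    org_logins = [o["login"] for o in github.get("/user/orgs", token)]
    if not is_authorized(user["login"], org_logins,
                         config.get("GITHUB_AUTHORIZED_ORG"),
                         config.get("GITHUB_AUTHORIZED_USERNAMES", ())):
        return {"status": 403, "reason": "%s is not an authorized user" % user["login"]}
    session["user"] = user["login"]
    return {"status": 302, "location": session.pop("next", "/")}


class FakeGithub:
    """Constructed stand-in for the GitHub API so the flow can be exercised offline."""

    def exchange_code(self, code):
        assert code == "good-code"
        return "gho_fake"

    def get(self, path, token):
        assert token == "gho_fake"
        if path == "/user":
            return {"login": "Octocat"}
        if path == "/user/orgs":
            return [{"login": "Example-Org"}]
        raise KeyError(path)


if __name__ == "__main__":
    cfg = {"GITHUB_CLIENT_ID": "id", "GITHUB_CLIENT_SECRET": "secret",
           "BASE_URL": "https://wiki.example/", "GITHUB_AUTHORIZED_ORG": "example-org"}
    sess = {}
    print(start_login({"next": "//evil.example"}, sess, cfg))
    print(handle_callback({"state": sess["oauth_state"], "code": "good-code"}, sess, FakeGithub(), cfg))
```

The state check relies on a server-side session that the attacker cannot read; with Flask's signed cookie session that holds as long as `SECRET_KEY` is private. Note also that `/user/orgs` only lists memberships the token is allowed to see, so a user who has kept their org membership private will be rejected unless the app was granted the organization scope.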