Closed sudomoke closed 2 years ago
Your report is appreciated. Please star this repository to motivate its developers! :star:
it's in our roadmap
@Moke the version 1.4.23 has oAuth2 support
here is an example for Google:
```json
"oauth2": {
  "enable": false,
  "client_id": "1234565",
  "client_secret": "FAKE",
  "project_id": "Homer OAuth",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "redirect_uri": "http://localhost:80/api/v3/oauth2/auth",
  "service_redirect": "/api/v3/oauth2/redirect",
  "profile_url": "https://www.googleapis.com/oauth2/v1/userinfo",
  "provider_name": "google",
  "scope": ["email", "openid", "profile"],
  "provider_image": ""
},
```
I am working on adapting your example to work with AzureAD.
And I'm watching him do it :)
Doesn't look like I'm able to get it working. Here's the configuration.
```json
"oauth2": {
  "enable": true,
  "client_id": "********",
  "client_secret": "**",
  "project_id": "Homer OAuth",
  "auth_uri": "https://login.microsoftonline.com/***/oauth2/v2.0/authorize",
  "token_uri": "https://login.microsoftonline.com/common/v2.0/oauth2/token",
  "auth_provider_x509_cert_url": "https://login.microsoftonline.com/******/discovery/v2.0/keys",
  "redirect_uri": "https://homer.*****.com/api/v3/oauth2/auth",
  "service_redirect": "/api/v3/oauth2/redirect",
  "profile_url": "https://graph.microsoft.com/oidc/userinfo",
  "provider_name": "microsoft",
  "scope": ["email", "openid", "profile"]
}
```
Even though I am able to successfully see the configuration using
`/usr/local/bin/homer-app -show-current-config`
I am being redirected to Google for oauth2 instead of the auth_uri defined.
Oops. Let us fix it asap
@Moke can you please check homer-app-1.4.24 ? Thank you!
Having a problem with the final step in the authentication. It's redirecting to / with the ?token param but failing with a 404 HTTP response
```
{"data":{},"message":"key not found or has been expired"}
```
The log file produces only:
```
{"level":"debug","msg":"Doing URL for providermicrosoft","time":"2021-11-05T03:39:57-05:00"}
{"level":"debug","msg":"Doing AuthSericeRequest for provider: microsoft","time":"2021-11-05T03:39:57-05:00"}
```
did you configure the api to retrieve your profile ?
@Moke are you able to join us on Matrix? https://matrix.to/#/#sipcapture_homer:gitter.im
so, with 1.4.25 it works as it should! Thank you @Moke !
Here is my latest and working configuration to use Azure AD with Homer. Sharing for anyone else.
```json
"oauth2": {
  "enable": true,
  "client_id": "****",
  "client_secret": "*****",
  "project_id": "AzureAD",
  "auth_uri": "https://login.microsoftonline.com/[AD TENANT GUID]/oauth2/v2.0/authorize",
  "token_uri": "https://login.microsoftonline.com/[AD TENANT GUID]/oauth2/v2.0/token",
  "auth_provider_x509_cert_url": "https://login.microsoftonline.com/[AD TENANT GUID]/discovery/keys",
  "redirect_uri": "https://homer.homer.net/api/v3/oauth2/auth",
  "service_redirect": "https://homer.homer.net/api/v3/oauth2/redirect",
  "profile_url": "https://graph.microsoft.com/oidc/userinfo",
  "provider_name": "microsoft",
  "scope": ["email", "openid", "profile"],
  "provider_image": ""
}
```
In Azure AD App Registrations, configure the redirect URI to https://homer.homer.net/api/v3/oauth2/auth/microsoft
Check the box for "ID tokens (used for implicit and hybrid flows)"
In the API permissions section, add a "Delegated permission", under "Microsoft Graph" for email, openid, and profile.
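A pre-deployment check for an Azure AD `oauth2` block like the one above, as an added example that is not part of the thread or of homer-app: it verifies the Microsoft v2.0 endpoint layout, tenant consistency, an https redirect and the `openid` scope, and derives the redirect URI to register. The function names, the placeholder tenant GUID and `homer.example.com` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

MS_HOST = "login.microsoftonline.com"
# Microsoft identity platform v2.0 layout: /<tenant>/oauth2/v2.0/{authorize,token}
V2_PATH = re.compile(r"^/([^/]+)/oauth2/v2\.0/(authorize|token)$")

def lint_oauth2(cfg):
    """Return findings for a Homer "oauth2" block that targets Azure AD."""
    findings, tenants = [], set()
    for key, leaf in (("auth_uri", "authorize"), ("token_uri", "token")):
        url = urlsplit(cfg.get(key, ""))
        match = V2_PATH.match(url.path)
        if url.scheme != "https" or url.hostname != MS_HOST:
            findings.append(f"{key}: expected https://{MS_HOST}/...")
        elif not match or match.group(2) != leaf:
            findings.append(f"{key}: path is not /<tenant>/oauth2/v2.0/{leaf}")
        else:
            tenants.add(match.group(1).lower())
    if len(tenants) > 1:
        findings.append("auth_uri and token_uri use different tenant segments")
    redirect = urlsplit(cfg.get("redirect_uri", ""))
    if redirect.scheme != "https" and redirect.hostname not in ("localhost", "127.0.0.1"):
        findings.append("redirect_uri: use https for any non-localhost host")
    if "openid" not in cfg.get("scope", []):
        findings.append("scope: 'openid' is required for OpenID Connect sign-in")
    return findings

def registered_redirect(cfg):
    """Redirect URI to register with the provider: redirect_uri + "/" + provider_name,
    a pattern inferred from the working-config post, not from project documentation."""
    return cfg["redirect_uri"].rstrip("/") + "/" + cfg["provider_name"]

# Constructed sample values (placeholder tenant GUID and host), not from the thread.
TENANT = "00000000-0000-0000-0000-000000000000"
GOOD = {
    "auth_uri": f"https://{MS_HOST}/{TENANT}/oauth2/v2.0/authorize",
    "token_uri": f"https://{MS_HOST}/{TENANT}/oauth2/v2.0/token",
    "redirect_uri": "https://homer.example.com/api/v3/oauth2/auth",
    "provider_name": "microsoft",
    "scope": ["email", "openid", "profile"],
}
# Same block with a misordered token path and a plain-http redirect.
BAD = dict(GOOD, token_uri=f"https://{MS_HOST}/common/v2.0/oauth2/token",
           redirect_uri="http://homer.example.com/api/v3/oauth2/auth")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_oauth2(cfg) or "ok", registered_redirect(cfg))
```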
@Moke thank you so much!
@Moke please star us :-) https://github.com/sipcapture/homer/stargazers
@Moke https://github.com/sipcapture/homer-app/commit/44839ca084c6aa764183f713dad52a02c838f994
here is gravatar support
Hopefully this is the correct place to register a feature request.
I would like to see SAML or OAuth2 based SSO added to the homer7 products. The currently available solution (LDAP) is less desirable than being able to use Google or AzureAD as an IdP.