1
0
mirror of https://github.com/stonith404/pingvin-share.git synced 2024-11-14 03:20:15 +01:00
pingvin-share/docs/oauth2-guide.md
Qing Fu 02cd98fa9c
feat(auth): add OAuth2 login (#276)
* feat(auth): add OAuth2 login with GitHub and Google

* chore(translations): add files for Japanese

* fix(auth): fix link function for GitHub

* feat(oauth): basic oidc implementation

* feat(oauth): oauth guard

* fix: disable image optimizations for logo to prevent caching issues with custom logos

* fix: memory leak while downloading large files

* chore(translations): update translations via Crowdin (#278)

* New translations en-us.ts (Japanese)

* New translations en-us.ts (Japanese)

* New translations en-us.ts (Japanese)

* release: 0.18.2

* doc(translations): Add Japanese README (#279)

* Added Japanese README.

* Added JAPANESE README link to README.md.

* Updated Japanese README.

* Updated Environment Variable Table.

* updated zh-cn README.

* feat(oauth): unlink account

* refactor(oauth): make providers extensible

* fix(oauth): fix discoveryUri error when toggle google-enabled

* feat(oauth): add microsoft and discord as oauth provider

* docs(oauth): update README.md

* docs(oauth): update oauth2-guide.md

* set password to null for new oauth users

* New translations en-us.ts (Japanese) (#281)

* chore(translations): add Polish files

* fix(oauth): fix random username and password

* feat(oauth): add totp

* fix(oauth): fix totp throttle

* fix(oauth): fix qrcode and remove comment

* feat(oauth): add error page

* fix(oauth): i18n of error page

* feat(auth): add OAuth2 login

* fix(auth): fix link function for GitHub

* feat(oauth): basic oidc implementation

* feat(oauth): oauth guard

* feat(oauth): unlink account

* refactor(oauth): make providers extensible

* fix(oauth): fix discoveryUri error when toggle google-enabled

* feat(oauth): add microsoft and discord as oauth provider

* docs(oauth): update README.md

* docs(oauth): update oauth2-guide.md

* set password to null for new oauth users

* fix(oauth): fix random username and password

* feat(oauth): add totp

* fix(oauth): fix totp throttle

* fix(oauth): fix qrcode and remove comment

* feat(oauth): add error page

* fix(oauth): i18n of error page

* refactor: return null instead of `false` in `getIdOfCurrentUser` functiom

* feat: show original oauth error if available

* refactor: run formatter

* refactor(oauth): error message i18n

* refactor(oauth): make OAuth token available
someone may use it (to revoke token or get other info etc.)
also improved the i18n message

* chore(oauth): remove unused import

* chore: add database migration

* fix: missing python installation for nanoid

---------

Co-authored-by: Elias Schneider <login@eliasschneider.com>
Co-authored-by: ふうせん <10260662+fusengum@users.noreply.github.com>
2023-10-22 16:09:53 +02:00

4.7 KiB

OAuth 2 Login Guide

Config Built-in OAuth 2 Providers

GitHub

Please follow the official guide to create an OAuth app.

Redirect URL: https://<your-domain>/api/oauth/callback/github

Google

Please follow the official guide to create an OAuth 2.0 App.

Redirect URL: https://<your-domain>/api/oauth/callback/google

Microsoft

Please follow the official guide to register an application.

Redirect URL: https://<your-domain>/api/oauth/callback/microsoft

Discord

Create an application on Discord Developer Portal.

Redirect URL: https://<your-domain>/api/oauth/callback/discord

OpenID Connect

Generic OpenID Connect provider is also supported, we have tested it on Keycloak and Authentik.

Redirect URL: https://<your-domain>/api/oauth/callback/oidc

Custom your OAuth 2 Provider

If our built-in providers don't meet your needs, you can create your own OAuth 2 provider.

1. Create config

Add your config (client id, client secret, etc.) in config.seed.ts:

const configVariables: ConfigVariables = {
  // ...
  oauth: {
    // ...
    "YOUR_PROVIDER_NAME-enabled": {
      type: "boolean",
      defaultValue: "false",
    },
    "YOUR_PROVIDER_NAME-clientId": {
      type: "string",
      defaultValue: "",
    },
    "YOUR_PROVIDER_NAME-clientSecret": {
      type: "string",
      defaultValue: "",
      obscured: true,
    },
  }
}

2. Create provider class

OpenID Connect

If your provider supports OpenID connect, it's extremely easy to extend GenericOidcProvider to add a new OpenID Connect provider.

The Google provider and Microsoft provider are good examples.

Here are some discovery URIs for popular providers:

  • Microsoft: https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration
  • Google: https://accounts.google.com/.well-known/openid-configuration
  • Apple: https://appleid.apple.com/.well-known/openid-configuration
  • Gitlab: https://gitlab.com/.well-known/openid-configuration
  • Huawei: https://oauth-login.cloud.huawei.com/.well-known/openid-configuration
  • Paypal: https://www.paypal.com/.well-known/openid-configuration
  • Yahoo: https://api.login.yahoo.com/.well-known/openid-configuration

OAuth 2

If your provider only supports OAuth 2, you can implement OAuthProvider interface to add a new OAuth 2 provider.

The GitHub provider and Discord provider are good examples.

3. Register provider

Register your provider in OAuthModule and OAuthSignInDto:

@Module({
  providers: [
    GitHubProvider,
    // your provider
    {
      provide: "OAUTH_PROVIDERS",
      useFactory(github: GitHubProvider, /* your provider */): Record<string, OAuthProvider<unknown>> {
        return {
          github,
          google,
          oidc,
        };
      },
      inject: [GitHubProvider, /* your provider */],
    },
  ],
})
export class OAuthModule {
}
export interface OAuthSignInDto {
  provider: 'github' | 'google' | 'microsoft' | 'discord' | 'oidc' /* your provider*/
  ;
  providerId: string;
  providerUsername: string;
  email: string;
}

4. Add frontend icon

Add an icon in oauth.util.tsx.

const getOAuthIcon = (provider: string) => {
  return {
    'github': <SiGithub />,
    /* your provider */
  }[provider];
}

5. Add i18n text

Add keys below to your i18n text in locale file.

  • signIn.oauth.YOUR_PROVIDER_NAME
  • account.card.oauth.YOUR_PROVIDER_NAME
  • admin.config.oauth.YOUR_PROVIDER_NAME-enabled
  • admin.config.oauth.YOUR_PROVIDER_NAME-client-id
  • admin.config.oauth.YOUR_PROVIDER_NAME-client-secret
  • Other config keys you defined in step 1

Congratulations! 🎉 You have successfully added a new OAuth 2 provider! Pull requests are welcome if you want to share your provider with others.