feat: add support for azure ad oauth

Open 0lionelzhang0 opened this issue 1 year ago • 2 comments

With regards to #741. Adds support for Azure AD OAuth.

  • requires the following config:
    • auth.type (azure_ad_oauth)
    • auth.auth_url (https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/authorize)
    • auth.token_url (https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token)
    • auth.client_id
    • auth.secret

0lionelzhang0 avatar Apr 01 '24 22:04 0lionelzhang0

I'm so sorry for missing it. Will review it now

bugy avatar Aug 09 '24 19:08 bugy

Authentication.md wiki snippet:

## Azure AD OAuth

Script server can authenticate users via Azure AD OAuth. `auth_url`, `token_url`, `client_id`, and `secret` properties should be acquired from Azure and configured in the Script server.

### Instructions
- Log in to [Azure Portal](https://portal.azure.com).
- Click **Microsoft Entra ID** in the side menu. If you have access to more than one tenant, select your account in the upper right and set your session to the Entra ID tenant you wish to use.
- Under **Manage** in the side menu, click **App Registrations** > **New Registration**.
- Enter a descriptive name.
- Under **Redirect URI**, select the app type **Web**.
- Add the following redirect URLs:
  - `<script-server-url>/login.html`
  - `<script-server-url>`
- Click **Register**. The app’s Overview page opens.
- Note the **Application ID**. This is the OAuth client ID (`client_id`).
- Click **Endpoints** from the top menu.
  - Note the OAuth 2.0 authorization endpoint (v2) URL (`auth_url`).
  - Note the OAuth 2.0 token endpoint (v2) URL (`token_url`).
- Click **Certificates & secrets** in the side menu.
- Add a new entry under **Client secrets** with the following configuration:
  - **Description**: Grafana OAuth
  - **Expires**: Select an expiration period
- Click **Add** then copy the key value. This is the OAuth client secret (`secret`).

### Options
* `type` (required) - should be `azure_ad_oauth`
* `auth_url` (required) - e.g. `https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/authorize`
* `token_url` (required) - e.g. `https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token`
* `client_id` (required) - OAuth client ID
* `secret` (required) - OAuth client secret

0lionelzhang0 avatar Aug 11 '24 00:08 0lionelzhang0
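A pre-flight check for the `auth` options listed in the wiki snippet above, added here as an example; it is not code from the pull request or from script-server. The function names are hypothetical, only the public-cloud host shown in the example URLs is accepted, and flagging the shared `common`/`organizations`/`consumers` endpoints is a policy choice of this example.

```python
import re
from urllib.parse import urlsplit

# Host and path layout follow the example URLs in the wiki snippet (assumption).
EXPECTED_HOST = "login.microsoftonline.com"
PATH_RE = re.compile(r"^/([^/]+)/oauth2/v2\.0/(authorize|token)$")
SHARED_TENANTS = {"common", "organizations", "consumers"}


def _tenant(url, endpoint, problems, key):
    """Return the tenant segment of an endpoint URL, recording any problems."""
    parts = urlsplit(url or "")
    if parts.scheme != "https":
        problems.append(f"{key}: must use https")
    if parts.hostname != EXPECTED_HOST:
        problems.append(f"{key}: unexpected host {parts.hostname!r}")
    m = PATH_RE.match(parts.path)
    if not m or m.group(2) != endpoint:
        problems.append(f"{key}: path is not /<tenant>/oauth2/v2.0/{endpoint}")
        return None
    tenant = m.group(1)
    if "<" in tenant or "%3c" in tenant.lower():
        problems.append(f"{key}: <TENANT_ID> placeholder was not replaced")
    elif tenant.lower() in SHARED_TENANTS:
        problems.append(f"{key}: '{tenant}' is a multi-tenant endpoint")
    return tenant


def check_azure_auth(auth):
    """Validate the `auth` section described in the wiki snippet."""
    problems = []
    if auth.get("type") != "azure_ad_oauth":
        problems.append("type: should be 'azure_ad_oauth'")
    for key in ("client_id", "secret"):
        if not str(auth.get(key) or "").strip():
            problems.append(f"{key}: missing or empty")
    t_auth = _tenant(auth.get("auth_url"), "authorize", problems, "auth_url")
    t_token = _tenant(auth.get("token_url"), "token", problems, "token_url")
    if t_auth and t_token and t_auth.lower() != t_token.lower():
        problems.append("auth_url and token_url point at different tenants")
    return problems


if __name__ == "__main__":
    # Constructed sample: URLs pasted from the docs with the placeholder left in.
    base = "https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/"
    sample = {"type": "azure_ad_oauth", "client_id": "example-id", "secret": "",
              "auth_url": base + "authorize", "token_url": base + "token"}
    print("\n".join(check_azure_auth(sample)))
```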

@bugy is there a dev release of this anywhere that can be downloaded?

tvalenta avatar Oct 09 '24 19:10 tvalenta

https://github.com/bugy/script-server/releases/tag/dev

bugy avatar Oct 10 '24 10:10 bugy

The dev release has a date of December 2023. Am I misreading it?

tvalenta avatar Oct 10 '24 14:10 tvalenta

@tvalenta oh, the build was not running for a long time already :( I sent a message to travis team to provide more build credits, so the builds can run again.

bugy avatar Oct 10 '24 15:10 bugy

> @tvalenta oh, the build was not running for a long time already :( I sent a message to travis team to provide more build credits, so the builds can run again.

I'd like to give this build a try -- any chance cicd would now build the dev release?

tvalenta avatar Oct 23 '24 00:10 tvalenta

@tvalenta the build should be ready now :) sorry for delay

bugy avatar Oct 23 '24 14:10 bugy