Possibility to set OAuth config via ENV variables

Open alexanderadam opened this issue 2 years ago • 5 comments

It seems that the Facebook, Google and GitHub credentials for OAuth/OIDC are already configurable via ENV variables (Possibility to set OAuth config via ENV variables) but it doesn't seem to be possible yet for generic solutions (i.e. as described here)?

Would it be possible to add this possibility as well?

Thank you for your work! :raised_hands:

alexanderadam avatar Jun 09 '22 20:06 alexanderadam

Any update on this?

debMan avatar Jan 17 '23 14:01 debMan

What's the reason for wanting this via ENV? Is the UI not sufficient?

goenning avatar Jan 19 '23 15:01 goenning

As I prefer everything as code, I wanted to set it up on a Kubernetes environment, with just a kubectl apply command or on Argo CD.

So, it would be nice to code everything. Things I encountered:

  • OAuth configurations are on GUI
  • Tenant creation is on GUI
  • First admin user creation is on GUI

Hacky solution: I wrote some database migrations and mounted them on the migrations directory to do the above tasks for me out of the box after running the fider instance.

debMan avatar Feb 04 '23 11:02 debMan

> Hacky solution: I wrote some database migrations and mounted them on the migrations directory to do the above tasks for me out of the box after running the fider instance.

Would you mind sharing the migrations of the hacky solution?

alexanderadam avatar Feb 04 '23 11:02 alexanderadam

Sure. You should mount this file on /app/migrations/202205082056_my_init.

Named like this to place it after all other migrations

```sql
-- Tenant
INSERT INTO tenants (
    id,
    name,
    subdomain,
    created_at,
    cname,
    invitation,
    welcome_message,
    status,
    is_private,
    custom_css,
    logo_bkey,
    locale,
    is_email_auth_allowed
)
VALUES (
    1,
    'MY_INSTANCE',
    'default',
    current_timestamp,
    '',
    '',
    '',
    1,
    false,
    '',
    '',
    'en',
    false
);

-- Generic OAuth provider for tenant 1
INSERT INTO oauth_providers (
    id,
    tenant_id,
    provider,
    display_name,
    status,
    client_id,
    client_secret,
    authorize_url,
    token_url,
    profile_url,
    scope,
    json_user_id_path,
    json_user_name_path,
    json_user_email_path,
    logo_bkey,
    is_trusted
)
VALUES (
    1,
    1,
    '_0000000000',
    'MY_PROVIDER',
    2,
    'CLIENT_ID',
    'CLIENT_SECRET',
    'MY_AUTHORIZE_URL',
    'MY_TOKEN_URL',
    'MY_PROFILE_URL',
    'openid email',
    'preferred_username',
    'given_name',
    'email',
    '',
    true
);

-- First admin user for tenant 1
INSERT INTO users (
    id,
    name,
    email,
    created_at,
    tenant_id,
    role,
    status,
    avatar_type,
    avatar_bkey
)
VALUES (
    1,
    'ADMIN_USER_NAME',
    'ADMIN_USER_EMAIL',
    current_timestamp,
    1,
    3,
    1,
    2,
    ''
);
```

NOTE: Don't forget to replace capitalized parameters.

debMan avatar Feb 04 '23 14:02 debMan
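
The "replace capitalized parameters" step can be done at deploy time, so the OAuth client secret comes from the environment (for example a Kubernetes Secret) instead of being committed with the migration file. The following is an added example, not code from this thread or from Fider; the function names, the https-only check and the sample values are assumptions of the example.

```python
import re

# Placeholder names exactly as they appear in the migration posted above.
PLACEHOLDERS = (
    "MY_INSTANCE", "MY_PROVIDER", "CLIENT_ID", "CLIENT_SECRET",
    "MY_AUTHORIZE_URL", "MY_TOKEN_URL", "MY_PROFILE_URL",
    "ADMIN_USER_NAME", "ADMIN_USER_EMAIL",
)
URL_KEYS = ("MY_AUTHORIZE_URL", "MY_TOKEN_URL", "MY_PROFILE_URL")
_QUOTED = re.compile("'(" + "|".join(PLACEHOLDERS) + ")'")


def sql_literal(value):
    """Quote a value as a PostgreSQL string literal (quotes doubled)."""
    if "\x00" in value:
        raise ValueError("NUL byte cannot be stored in a text column")
    return "'" + value.replace("'", "''") + "'"


def render_migration(template, env):
    """Fill every quoted placeholder in `template` from the mapping `env`."""
    missing = [k for k in PLACEHOLDERS if not env.get(k)]
    if missing:
        raise KeyError("unset variables: " + ", ".join(missing))
    for key in URL_KEYS:
        # Assumption of this example: the provider endpoints are served over TLS.
        if not env[key].startswith("https://"):
            raise ValueError(key + " must be an https:// URL")
    # One pass over the template: a value that itself contains a placeholder
    # name is inserted as data and never expanded again.
    return _QUOTED.sub(lambda m: sql_literal(env[m.group(1)]), template)


if __name__ == "__main__":
    # Constructed sample values; in a cluster these would come from os.environ,
    # populated from a Secret, and the output written to the mounted file.
    sample_env = {
        "MY_INSTANCE": "Feedback", "MY_PROVIDER": "Example SSO",
        "CLIENT_ID": "fider", "CLIENT_SECRET": "s3cr'et",
        "MY_AUTHORIZE_URL": "https://sso.example.com/auth",
        "MY_TOKEN_URL": "https://sso.example.com/token",
        "MY_PROFILE_URL": "https://sso.example.com/userinfo",
        "ADMIN_USER_NAME": "Admin", "ADMIN_USER_EMAIL": "admin@example.com",
    }
    sample_sql = "VALUES ('CLIENT_ID', 'CLIENT_SECRET', 'MY_TOKEN_URL', 'openid email');"
    print(render_migration(sample_sql, sample_env))
```

Passing `os.environ` as `env` and the template file's contents as `template` renders the full migration; the rendered file then contains the secret and should be written to a non-shared volume rather than stored in the repository.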