
OAuth Manager and OAuth2/OpenID connect Plugin

Open markus-96 opened this issue 5 months ago • 2 comments

Added the possibility to define OAuth Providers as authentication backend.

/etc/kvmd/auth.yaml has to look like the following:

oauth:
  enabled: true
  providers:
    github:
      type: oauth2
      client_id: myclient
      client_secret: mysecret123
      access_token_url: https://github.com/login/oauth/access_token
      authorize_url: https://github.com/login/oauth/authorize
      base_url: https://github.com/
      user_info_url: https://api.github.com/user
      long_name: GitHub
      scope: openid user
      username_attribute: email
    keycloak:
      type: oauth2
      client_id: client2
      client_secret: str
      access_token_url: https://sso.keycloak.my.tld/realms/master/protocol/openid-connect/token
      authorize_url: https://sso.keycloak.my.tld/realms/master/protocol/openid-connect/auth
      base_url: https://sso.keycloak.my.tld/
      user: https://sso.keycloak.my.tld/realms/master/protocol/openid-connect/
      long_name: My Keycloak
      scope: openid profile
      username_attribute: sub

It will define two providers. Both are identified by the key for their config dict, so we have two: keycloak and github. The first one, GitHub, is accessible at https://<PiKVM>/api/auth/oauth/login/github, the second one, Keycloak, at https://<PiKVM>/api/auth/oauth/login/keycloak. The callback URLs are https://<PiKVM>/api/auth/oauth/callback/<provider-key>.

The oauth2 plugin implements the authorization code flow.

markus-96 avatar Jan 23 '24 12:01 markus-96
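As an added illustration (not code from this pull request or from kvmd), the sketch below shows how the provider fields above map onto the first leg of the authorization code flow and how the callback should be checked before the code is exchanged at `access_token_url`. The host name `pikvm.example` and all function names are assumptions; the token exchange itself is left out because it needs a live provider.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample mirroring the "github" provider entry in the post.
PROVIDER = {
    "client_id": "myclient",
    "authorize_url": "https://github.com/login/oauth/authorize",
    "scope": "openid user",
}

def callback_url(host: str, provider_key: str) -> str:
    # Callback pattern stated in the post: /api/auth/oauth/callback/<provider-key>
    return f"https://{host}/api/auth/oauth/callback/{provider_key}"

def build_authorize_redirect(provider: dict, host: str, key: str) -> tuple[str, str]:
    """Return (redirect URL, state); the state must be kept server-side per session."""
    if urlsplit(provider["authorize_url"]).scheme != "https":
        raise ValueError("authorize_url must use https")
    state = secrets.token_urlsafe(32)  # unguessable value binding callback to this login
    query = urlencode({
        "response_type": "code",       # selects the authorization code flow
        "client_id": provider["client_id"],
        "redirect_uri": callback_url(host, key),
        "scope": provider["scope"],
        "state": state,
    })
    return f"{provider['authorize_url']}?{query}", state

def parse_callback(url: str, expected_state: str) -> str:
    """Return the authorization code, or raise if the callback does not match our request."""
    params = parse_qs(urlsplit(url).query)
    if "error" in params:
        raise ValueError(f"provider returned error: {params['error'][0]}")
    state = params.get("state", [""])[0]
    # Constant-time comparison; a missing or foreign state means the callback
    # was not triggered by a login this session started.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("missing code")
    return code
```

The `client_secret` never appears in the browser redirect; it is only sent server-to-server when the returned code is exchanged for a token.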