OAuth Manager and OAuth2/OpenID connect Plugin
Added the possibility to define OAuth Providers as authentication backend.
/etc/kvmd/auth.yaml has to look like the following:

oauth:
  enabled: true
  providers:
    github:
      type: oauth2
      client_id: myclient
      client_secret: mysecret123
      access_token_url: https://github.com/login/oauth/access_token
      authorize_url: https://github.com/login/oauth/authorize
      base_url: https://github.com/
      user_info_url: https://api.github.com/user
      long_name: GitHub
      scope: openid user
      username_attribute: email
    keycloak:
      type: oauth2
      client_id: client2
      client_secret: str
      access_token_url: https://sso.keycloak.my.tld/realms/master/protocol/openid-connect/token
      authorize_url: https://sso.keycloak.my.tld/realms/master/protocol/openid-connect/auth
      base_url: https://sso.keycloak.my.tld/
      user: https://sso.keycloak.my.tld/realms/master/protocol/openid-connect/
      long_name: My Keycloak
      scope: openid profile
      username_attribute: sub

It will define two providers. Both are identified by the key for their config dict, so we have two: keycloak and github.
The first one, GitHub, is accessible with https://<PiKVM>/api/auth/oauth/login/github, the second one, Keycloak, with https://<PiKVM>/api/auth/oauth/login/keycloak. The callback URLs are https://<PiKVM>/api/auth/oauth/callback/<provider-key>.
The oauth2 plugin implements the authorization code flow.
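
A pre-deployment check for the provider entries above, as an added example that is not part of this change or of kvmd: it flags missing or unexpected keys, rejects non-HTTPS endpoints, and derives the callback URL to register at each provider. The required key list is an assumption taken from the github entry on this page, and `pikvm.example` is a constructed host name.

```python
from urllib.parse import urlsplit

# Assumption: key names come from the page's "github" entry, not from kvmd's schema.
REQUIRED = ("type", "client_id", "client_secret", "access_token_url",
            "authorize_url", "user_info_url", "scope", "username_attribute")
OPTIONAL = ("base_url", "long_name")
URL_KEYS = ("access_token_url", "authorize_url", "user_info_url", "base_url")


def callback_url(host, key):
    """Redirect URI to register at the provider, following the page's pattern."""
    return f"https://{host}/api/auth/oauth/callback/{key}"


def lint_providers(oauth_cfg):
    """Return {provider_key: [findings]} for the parsed 'oauth' section."""
    report = {}
    for key, cfg in oauth_cfg.get("providers", {}).items():
        findings = [f"missing key: {k}" for k in REQUIRED if k not in cfg]
        for k in URL_KEYS:
            if k in cfg:
                parts = urlsplit(str(cfg[k]))
                # Codes, tokens and the client secret cross these endpoints.
                if parts.scheme != "https" or not parts.hostname:
                    findings.append(f"{k} is not an absolute https URL")
        extra = sorted(set(cfg) - set(REQUIRED) - set(OPTIONAL))
        findings += [f"unexpected key: {k}" for k in extra]
        report[key] = findings
    return report


# Constructed sample: the two providers from the page, already parsed from YAML.
KC = "https://sso.keycloak.my.tld/realms/master/protocol/openid-connect/"
SAMPLE = {"enabled": True, "providers": {
    "github": {
        "type": "oauth2", "client_id": "myclient", "client_secret": "mysecret123",
        "access_token_url": "https://github.com/login/oauth/access_token",
        "authorize_url": "https://github.com/login/oauth/authorize",
        "base_url": "https://github.com/", "user_info_url": "https://api.github.com/user",
        "long_name": "GitHub", "scope": "openid user", "username_attribute": "email"},
    "keycloak": {
        "type": "oauth2", "client_id": "client2", "client_secret": "str",
        "access_token_url": KC + "token", "authorize_url": KC + "auth",
        "base_url": "https://sso.keycloak.my.tld/", "user": KC,
        "long_name": "My Keycloak", "scope": "openid profile", "username_attribute": "sub"},
}}

if __name__ == "__main__":
    for name, findings in lint_providers(SAMPLE).items():
        print(name, callback_url("pikvm.example", name), findings or "ok")
```

Run against the sample, the keycloak entry is reported because it carries `user` where the github entry has `user_info_url`.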