From 5e0b52bbda43348a2dd18170c5261bf1455841ae Mon Sep 17 00:00:00 2001 From: Pierre Hubert Date: Thu, 27 Apr 2023 12:03:58 +0200 Subject: [PATCH] Update README --- README.md | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 48a1ab6..8f52e20 100644 --- a/README.md +++ b/README.md @@ -5,10 +5,12 @@ Basic & lightweight OpenID provider, written in Rust using the Actix framework. **WARNING :** This tool has not been audited, use it at your own risks! -BasicOIDC operates without any database, just with two files : +BasicOIDC operates without any database, just with three files : * `clients.yaml`: a list of authorized relying parties. +* `providers.yaml`: a list of upstream providers for authentication federation (this file is optional) * `users.json`: a list of users, managed through a web UI. +## Configuration You can configure a list of clients (Relying Parties) in a `clients.yaml` file with the following syntax : ```yaml - id: gitea @@ -26,7 +28,7 @@ On the first run, BasicOIDC will create a new administrator with credentials `ad In order to run BasicOIDC for development, you will need to create a least an empty `clients.yaml` file inside the storage directory. -Features : +## Features * [x] `authorization_code` flow * [x] Client authentication using secrets * [x] Bruteforce protection 
@@ -35,6 +37,21 @@ Features : * [x] Using a security key (Webauthn) * [ ] Fully responsive webui * [x] `robots.txt` prevents indexing +* [x] Support authentication from upstream provider + +## Add an upstream provider +You can add as much upstream provider as you want, using the following syntax in `providers.yaml`: +```yaml +- id: gitlab + name: GitLab + logo: gitlab # Can be either gitea, gitlab, github, microsoft, google or a full URL + client_id: CLIENT_ID_GIVEN_BY_PROVIDER + client_secret: CLIENT_SECRET_GIVEN_BY_PROVIDER + configuration_url: https://gitlab.com/.well-known/openid-configuration + +``` + +> Warning! Self-registration has not been implemented, therfore the accounts must have been previously created through the administration. ## Compiling You will need the Rust toolchain to compile this project. To build it for production, just run:
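
Review bot: in the `@@ -5,10 +5,12 @@` hunk, the intro now says BasicOIDC runs "just with three files" while the added `providers.yaml` bullet states that this file is optional; wording such as "two files, plus an optional third" would keep the two statements consistent. The new `## Configuration` heading also covers only `clients.yaml`, while the `providers.yaml` syntax ends up under `## Add an upstream provider` after the feature list, so consider moving that section under Configuration or linking to it from there. The new bullet is also missing the trailing period that the other two bullets have.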
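
Review bot: in the `@@ -26,7 +28,7 @@` hunk, the context line directly above the new `## Features` heading still reads "create a least an empty `clients.yaml` file"; since this commit is a README cleanup, correct it to "at least" in the same patch.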
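
Review bot: in the `@@ -35,6 +37,21 @@` hunk, the `providers.yaml` example stores `client_secret` in clear text and the README does not say how that file should be protected; add a sentence recommending restrictive file permissions on `providers.yaml` and keeping it out of version control. The warning says accounts must already exist, but not which attribute of the upstream identity is matched against a local user, which is worth documenting because it decides who can sign in as whom. Wording: "as much upstream provider as you want" should read "as many upstream providers as you want", "therfore" should be "therefore", and the empty added line before the closing yaml fence can be dropped.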