Add default clients (#105)

* Add the possibility to create clients enabled by default when creating new accounts
* Can mark clients as granted for all users, regardless of user account grants

Reviewed-on: #105
2023-04-15 10:19:15 +00:00
parent f1ac19cca1
commit 6d2e52d632
10 changed files with 493 additions and 328 deletions


@@ -16,6 +16,10 @@ You can configure a list of clients (Relying Parties) in a `clients.yaml` file w
description: Git with a cup of tea
secret: TOP_SECRET
redirect_uri: https://mygit.mywebsite.com/
# If you want new accounts to be granted access to this client by default
default: true
# If you want the client to be granted to every users, regardless their account configuration
granted_to_all_users: true
```
On the first run, BasicOIDC will create a new administrator with credentials `admin` / `admin`. On first login you will have to change these default credentials.
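Review bot: The sample client in this README block sets both `default: true` and `granted_to_all_users: true`, and the text never says what either option does when the key is omitted, so someone copying the example grants the client to every user regardless of account configuration. Suggest showing the two options on separate example clients (or commented out) and stating the value used when the key is absent. The comment wording could also be tightened to "granted to every user, regardless of their account configuration".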
@@ -38,5 +42,27 @@ You will need the Rust toolchain to compile this project. To build it for produc
cargo build --release
```
## Testing with OAauth proxy
If you want to test the solution with OAuth proxy, you can try to adapt the following commands (considering `192.168.2.103` is your local IP address):
```bash
# In a shell, start BasicOID
RUST_LOG=debug cargo run -- -s storage -w "http://192.168.2.103.nip.io:8000"
# In another shell, run OAuth proxy
docker run --rm -p 4180:4180 quay.io/oauth2-proxy/oauth2-proxy:latest --provider=oidc --email-domain=* --client-id=oauthproxy --client-secret=secretoauth --cookie-secret=SECRETCOOKIE1234 --oidc-issuer-url=http://192.168.2.103.nip.io:8000 --http-address 0.0.0.0:4180 --upstream http://192.168.2.103 --redirect-url http://192.168.2.103:4180/oauth2/callback --cookie-secure=false
```
Corresponding client configuration:
```yaml
- id: oauthproxy
name: Oauth proxy
description: oauth proxy
secret: secretoauth
redirect_uri: http://192.168.2.103:4180/
```
> Note: We do need to use real domain name instead of IP address due to the `webauthn-rs` crate limitations. We therefore use the `nip.io` domain helper.
## Contributing
If you wish to contribute to this software, feel free to send an email to contact@communiquons.org to get an account on my system, managed by BasicOIDC :)
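Review bot: In the new testing section the client is registered with `redirect_uri: http://192.168.2.103:4180/` while the proxy is started with `--redirect-url http://192.168.2.103:4180/oauth2/callback`, so the example relies on `redirect_uri` being matched more loosely than by exact string, and the README does not say how it is matched; please document the matching rule or use the full callback URL in the sample. The command also carries `--cookie-secure=false`, `--email-domain=*`, a plain `http://` issuer and fixed secrets (`secretoauth`, `SECRETCOOKIE1234`), so a sentence marking these as local-test values only would help. Typos: `OAauth` in the heading and `BasicOID` in the shell comment.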