Add authentication from upstream providers #107
21
README.md
@ -5,10 +5,12 @@ Basic & lightweight OpenID provider, written in Rust using the Actix framework.
|
|||||||
|
|
||||||
**WARNING :** This tool has not been audited, use it at your own risks!
|
**WARNING :** This tool has not been audited, use it at your own risks!
|
||||||
|
|
||||||
BasicOIDC operates without any database, just with two files :
|
BasicOIDC operates without any database, just with three files :
|
||||||
* `clients.yaml`: a list of authorized relying parties.
|
* `clients.yaml`: a list of authorized relying parties.
|
||||||
|
* `providers.yaml`: a list of upstream providers for authentication federation (this file is optional)
|
||||||
* `users.json`: a list of users, managed through a web UI.
|
* `users.json`: a list of users, managed through a web UI.
|
||||||
|
|
||||||
|
## Configuration
|
||||||
You can configure a list of clients (Relying Parties) in a `clients.yaml` file with the following syntax :
|
You can configure a list of clients (Relying Parties) in a `clients.yaml` file with the following syntax :
|
||||||
```yaml
|
```yaml
|
||||||
- id: gitea
|
- id: gitea
|
||||||
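Review bot: The new `providers.yaml` bullet is the only item in this list without a trailing period, and the sentence above it now says "just with three files" although the bullet itself calls the file optional. Suggest ending the bullet with a period and wording the intro as "up to three files" so the count matches what an administrator will actually find in the storage directory.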
@ -26,7 +28,7 @@ On the first run, BasicOIDC will create a new administrator with credentials `ad
|
|||||||
|
|
||||||
In order to run BasicOIDC for development, you will need to create a least an empty `clients.yaml` file inside the storage directory.
|
In order to run BasicOIDC for development, you will need to create a least an empty `clients.yaml` file inside the storage directory.
|
||||||
|
|
||||||
Features :
|
## Features
|
||||||
* [x] `authorization_code` flow
|
* [x] `authorization_code` flow
|
||||||
* [x] Client authentication using secrets
|
* [x] Client authentication using secrets
|
||||||
* [x] Bruteforce protection
|
* [x] Bruteforce protection
|
||||||
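Review bot: The unchanged sentence just above the new `## Features` heading still reads "create a least an empty `clients.yaml` file"; "a least" should be "at least", and it is worth fixing while this part of the README is being touched. Since this PR introduces `providers.yaml` as an optional file, that sentence could also state that it is not needed for a development run.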
@ -35,6 +37,21 @@ Features :
|
|||||||
* [x] Using a security key (Webauthn)
|
* [x] Using a security key (Webauthn)
|
||||||
* [ ] Fully responsive webui
|
* [ ] Fully responsive webui
|
||||||
* [x] `robots.txt` prevents indexing
|
* [x] `robots.txt` prevents indexing
|
||||||
|
* [x] Support authentication from upstream provider
|
||||||
|
|
||||||
|
## Add an upstream provider
|
||||||
|
You can add as much upstream provider as you want, using the following syntax in `providers.yaml`:
|
||||||
|
```yaml
|
||||||
|
- id: gitlab
|
||||||
|
name: GitLab
|
||||||
|
logo: gitlab # Can be either gitea, gitlab, github, microsoft, google or a full URL
|
||||||
|
client_id: CLIENT_ID_GIVEN_BY_PROVIDER
|
||||||
|
client_secret: CLIENT_SECRET_GIVEN_BY_PROVIDER
|
||||||
|
configuration_url: https://gitlab.com/.well-known/openid-configuration
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
> Warning! Self-registration has not been implemented, therfore the accounts must have been previously created through the administration.
|
||||||
|
|
||||||
## Compiling
|
## Compiling
|
||||||
You will need the Rust toolchain to compile this project. To build it for production, just run:
|
You will need the Rust toolchain to compile this project. To build it for production, just run:
|
||||||
|
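Review bot: The warning that closes the new "Add an upstream provider" section says accounts must already exist, but nothing in the section says how an identity returned by the upstream provider is matched to a local account. Please document which claim is compared, since that is the trust decision an administrator makes when adding an entry. The section also omits the redirect URI that has to be registered with the provider, and `client_secret` is stored in plaintext in `providers.yaml`, so a line about restricting read access to that file would help. Wording: "as much upstream provider as you want" should be "as many upstream providers as you want", "therfore" should be "therefore", and the blank line before the closing fence of the YAML example can be dropped.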