feat: OpenID Connect for Self Hosted Instance with God-Mode Implementation #1

Merged
merged 2 commits into from
Jan 12, 2024
Merged
11 changes: 11 additions & 0 deletions apiserver/.env.example
Expand Up @@ -58,6 +58,17 @@ ENABLE_EMAIL_PASSWORD="1"
# Enable Magic link Login
ENABLE_MAGIC_LINK_LOGIN="0"

# Enable OpenID Connect Login - You can set the Issuer to get the Enpoints (URLs) automatically or set them manually
# If you set the Endpoints manually the issuer should be empty to avoid overriding the endpoints
OIDC_AUTO="0"
OIDC_CLIENT_ID=""
OIDC_CLIENT_SECRET=""
OIDC_ISSUER=""
OIDC_URL_AUTHORIZATION=""
OIDC_URL_TOKEN=""
OIDC_URL_USERINFO=""
OIDC_URL_ENDSESSION=""

# Email redirections and minio domain settings
WEB_URL="http://localhost"
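Review bot: The comment above `OIDC_AUTO` never says what `OIDC_AUTO` itself switches on, and it promises issuer-based discovery although `OIDC_ISSUER` is not among the keys read in the `config.py` hunks of this change; discovery may live in the `oidc` view, which is not shown here. Going by the `config.py` check, a more accurate comment would be `# OIDC_AUTO="1" enables OpenID Connect login; it only takes effect when the client id, client secret and the authorization, token and userinfo URLs are all set`. It is also worth adding `# Use https:// URLs for every endpoint`, since the client secret is presumably sent to the token endpoint. "Enpoints" in the first comment line should read "Endpoints".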

2 changes: 2 additions & 0 deletions apiserver/plane/app/urls/authentication.py
Expand Up @@ -10,6 +10,7 @@
MagicGenerateEndpoint,
MagicSignInEndpoint,
OauthEndpoint,
OIDCEndpoint,
EmailCheckEndpoint,
## End Authentication
# Auth Extended
Expand All @@ -27,6 +28,7 @@
# Social Auth
path("email-check/", EmailCheckEndpoint.as_view(), name="email"),
path("social-auth/", OauthEndpoint.as_view(), name="oauth"),
path("oidc-auth/", OIDCEndpoint.as_view(), name="oidc"),
# Auth
path("sign-in/", SignInEndpoint.as_view(), name="sign-in"),
path("sign-out/", SignOutEndpoint.as_view(), name="sign-out"),
2 changes: 2 additions & 0 deletions apiserver/plane/app/views/__init__.py
Expand Up @@ -22,6 +22,8 @@

from .oauth import OauthEndpoint

from .oidc import OIDCEndpoint

from .base import BaseAPIView, BaseViewSet, WebhookMixin

from .workspace import (
47 changes: 47 additions & 0 deletions apiserver/plane/app/views/config.py
Expand Up @@ -25,6 +25,13 @@ def get(self, request):
GOOGLE_CLIENT_ID,
GITHUB_CLIENT_ID,
GITHUB_APP_NAME,
OIDC_AUTO,
OIDC_CLIENT_ID,
OIDC_CLIENT_SECRET,
OIDC_URL_AUTHORIZATION,
OIDC_URL_TOKEN,
OIDC_URL_USERINFO,
OIDC_URL_ENDSESSION,
EMAIL_HOST_USER,
EMAIL_HOST_PASSWORD,
ENABLE_MAGIC_LINK_LOGIN,
Expand All @@ -48,6 +55,34 @@ def get(self, request):
"key": "GITHUB_APP_NAME",
"default": os.environ.get("GITHUB_APP_NAME", None),
},
{
"key": "OIDC_AUTO",
"default": os.environ.get("OIDC_AUTO", None),
},
{
"key": "OIDC_CLIENT_ID",
"default": os.environ.get("OIDC_CLIENT_ID", None),
},
{
"key": "OIDC_CLIENT_SECRET",
"default": os.environ.get("OIDC_CLIENT_SECRET", None),
},
{
"key": "OIDC_URL_AUTHORIZATION",
"default": os.environ.get("OIDC_URL_AUTHORIZATION", None),
},
{
"key": "OIDC_URL_TOKEN",
"default": os.environ.get("OIDC_URL_TOKEN", None),
},
{
"key": "OIDC_URL_USERINFO",
"default": os.environ.get("OIDC_URL_USERINFO", None),
},
{
"key": "OIDC_URL_ENDSESSION",
"default": os.environ.get("OIDC_URL_ENDSESSION", None),
},
{
"key": "EMAIL_HOST_USER",
"default": os.environ.get("EMAIL_HOST_USER", None),
Expand Down Expand Up @@ -96,6 +131,18 @@ def get(self, request):
GITHUB_CLIENT_ID if GITHUB_CLIENT_ID and GITHUB_CLIENT_ID != '""' else None
)
data["github_app_name"] = GITHUB_APP_NAME
data["oidc_auto"] = (
bool(OIDC_CLIENT_ID) and
bool(OIDC_CLIENT_SECRET) and
bool(OIDC_URL_AUTHORIZATION) and
bool(OIDC_URL_TOKEN) and
bool(OIDC_URL_USERINFO)
) and OIDC_AUTO == "1"
data["oidc_client_id"] = (
OIDC_CLIENT_ID if OIDC_CLIENT_ID and OIDC_CLIENT_ID != '""' else None
)
data["oidc_url_authorize"] = OIDC_URL_AUTHORIZATION
data["oidc_url_endsession"] = OIDC_URL_ENDSESSION
data["magic_login"] = (
bool(EMAIL_HOST_USER) and bool(EMAIL_HOST_PASSWORD)
) and ENABLE_MAGIC_LINK_LOGIN == "1"
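Review bot: `data["oidc_auto"]` can come out true while `data["oidc_client_id"]` is None, because the `bool(...)` checks count the literal string `""` as set while the client-id expression right after treats `'""'` as unset. Apply one normalisation to all five values, e.g. `oidc_required = (OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, OIDC_URL_AUTHORIZATION, OIDC_URL_TOKEN, OIDC_URL_USERINFO)` followed by `data["oidc_auto"] = OIDC_AUTO == "1" and all(v and v != '""' for v in oidc_required)`. `oidc_url_authorize` and `oidc_url_endsession` are returned without that normalisation or any scheme check; clients presumably redirect the browser to them, so it is worth confirming they are https URLs before putting them in `data`. `OIDC_CLIENT_SECRET` is only used inside the boolean and never placed in `data`, and a comment such as `# never expose OIDC_CLIENT_SECRET in this response` would help keep it that way. The body of `get` starts and ends outside these hunks.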