2.0 KiB
2.0 KiB
Generic OAuth 2
Login provider set-up
Like the other PassportJS login providers, we'll need a separate "OAuth2 Client" (others call it an "app", a "product" etc.) for our Federated Wiki instance.
How to do this varies slightly for each provider.
config.json
In general, you will need to specify:
oauth2_clientID-- some systems generate this for you, others allow you to specify itoauth2_clientSecret-- secure key (keep this secret!)oauth2_AuthorizationURLandoauth2_TokenURL-- from your login provider's documentation
You will also need to specify a callback URL. For some providers, you can add
this when making a new "OAuth Client" for your wiki, for others you will need to
specify it with oauth2_CallbackURL.
You might also need to tell Federated Wiki how to look up usernames:
oauth2_UserInfoURL-- from login provider's documentationoauth2_IdField,oauth2_DisplayNameField,oauth2_UsernameField-- starting withparamsfor information returned in the original token request, orprofilefor data returned fromoauth2_UserInfoURL, if you provided it.
Sometimes, you'll be able to look up the URLs by visiting your provider's
/.well-known/openid-configuration URL in a web browser.
Examples
Nextcloud
{
"farm": true,
"security_type": "passportjs",
"oauth2_clientID": "CLIENT ID",
"oauth2_clientSecret": "CLIENT SECRET",
"oauth2_AuthorizationURL": "https://auth.example.com/oauth2/authorize",
"oauth2_TokenURL": "https://auth.example.com/oauth2/token",
}
Keycloak
{
"farm": true,
"security_type": "passportjs",
"oauth2_clientID": "CLIENT ID",
"oauth2_clientSecret": "CLIENT SECRET",
"oauth2_AuthorizationURL": "https://auth.example.com/auth/realms/Wiki.Cafe/protocol/openid-connect/auth",
"oauth2_TokenURL": "https://auth.example.com/auth/realms/Wiki.Cafe/protocol/openid-connect/token",
"oauth2_UserInfoURL": "https://auth.example.com/auth/realms/Wiki.Cafe/protocol/openid-connect/userinfo",
"oauth2_UsernameField": "profile.preferred_username"
}