feat(oauth2): provider.toml config file with template

This commit is contained in:
Maieul BOYER 2025-10-25 15:47:42 +02:00 committed by Maix0
parent bc7a615dcf
commit 7557a7aa76
3 changed files with 208 additions and 0 deletions

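--- a/src/auth/extra/.gitignore
+++ b/src/auth/extra/.gitignore
@@ -0,0 +1 @@
+providers.toml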


@ -0,0 +1,186 @@
{
"type": "object",
"properties": {
"providers": {
"type": "object",
"patternProperties": {
"^(.*)$": {
"anyOf": [
{
"type": "object",
"properties": {
"token_url": {
"type": "string"
},
"auth_url": {
"type": "string"
},
"info_url": {
"type": "string"
},
"client_id": {
"type": "string"
},
"client_secret": {
"anyOf": [
{
"type": "object",
"properties": {
"env": {
"description": "Secret is stored in the env var",
"type": "string"
}
},
"required": [
"env"
]
},
{
"type": "object",
"properties": {
"inline": {
"description": "Secret is inline here",
"type": "string"
}
},
"required": [
"inline"
]
}
]
},
"scopes": {
"type": "array",
"items": {
"type": "string"
}
},
"redirect_url": {
"type": "string"
},
"user": {
"default": {
"unique_id": "email",
"name": "name"
},
"type": "object",
"properties": {
"unique_id": {
"description": "A unique identifier for this provider",
"default": "email",
"type": "string"
},
"name": {
"description": "A name for this provider",
"default": "name",
"type": "string"
}
},
"required": [
"unique_id",
"name"
]
}
},
"required": [
"token_url",
"auth_url",
"info_url",
"client_id",
"client_secret",
"scopes",
"redirect_url",
"user"
]
},
{
"type": "object",
"properties": {
"openid_url": {
"type": "string"
},
"client_id": {
"type": "string"
},
"client_secret": {
"anyOf": [
{
"type": "object",
"properties": {
"env": {
"description": "Secret is stored in the env var",
"type": "string"
}
},
"required": [
"env"
]
},
{
"type": "object",
"properties": {
"inline": {
"description": "Secret is inline here",
"type": "string"
}
},
"required": [
"inline"
]
}
]
},
"scopes": {
"type": "array",
"items": {
"type": "string"
}
},
"redirect_url": {
"type": "string"
},
"user": {
"default": {
"unique_id": "email",
"name": "name"
},
"type": "object",
"properties": {
"unique_id": {
"description": "A unique identifier for this provider",
"default": "email",
"type": "string"
},
"name": {
"description": "A name for this provider",
"default": "name",
"type": "string"
}
},
"required": [
"unique_id",
"name"
]
}
},
"required": [
"openid_url",
"client_id",
"client_secret",
"scopes",
"redirect_url",
"user"
]
}
]
}
}
},
"$schema": {
"type": "string"
}
},
"required": [
"providers"
]
}
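Review bot: The descriptions of `user.unique_id` ("A unique identifier for this provider") and `user.name` ("A name for this provider") describe the provider, but the TOML template in the same commit uses them as the JSON keys of the user-info response from which the user's unique id and display name are read; they should say so, e.g. `"description": "JSON key of the user-info response holding the user's unique id (default: email)"` and `"description": "JSON key of the user-info response holding the user's display name (default: name)"`, in both provider variants. The `user` property carries a `default` object while also being listed in `required` of both variants, so that default can never apply; keep one or the other. The `client_secret` and `user` sub-schemas are duplicated verbatim between the two variants; hoisting them into `$defs` and referencing them with `$ref` would stop the copies from drifting apart. Neither `client_secret` branch sets `"additionalProperties": false`, so a table that gives both `env` and `inline` validates against the schema; if the loader then picks one of them silently, a misconfiguration would go unnoticed, so the branches should be made mutually exclusive (or use `oneOf`).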


@ -0,0 +1,21 @@
"$schema" = "https://maix.me/providers.schema.json"
[providers.provider-openid]
openid_url = "https://example.com/openid-url-without-.wellknown"
client_id = "CLIENT_ID"
client_secret.inline = "INLINED SECRET INSIDE CONFIG FILE"
scopes = ["any needed scope here", "openid", "email"]
# this url is to point to the local thingy - ask maieul
redirect_url = "https://local.maix.me:8888/api/auth/oauth2/provider-openid/callback"
# from the `info_url` request, which json key we will take an unique provider id (default:email) and an name for the user (default:name)
user = { unique_id = "email", name = "name" }
[providers.discord]
auth_url = "https://discord.com/oauth2/authorize"
token_url = "https://discord.com/api/oauth2/token"
info_url = "https://discord.com/api/v10/users/@me"
client_secret.env = "PROVIDER_SECRET_DISCORD" # here the secret is provided in the env var with that name
client_id = "CLIENT_ID"
redirect_url = "https://local.maix.me:8888/api/auth/oauth2/discord/callback"
scopes = ["identify"] # here no email asked :)
user = { unique_id = "id", name = "username" } # for example discord provides some stuff, like unique_id and username, such that we dont have to ask additional permission to get the email
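Review bot: The first provider demonstrates `client_secret.inline`, which stores the secret in the config file itself, while the discord entry shows the `env` form that keeps it out of the file; the template should say which one to prefer, e.g. above the inline line `# prefer client_secret.env = "VAR_NAME" so the secret is not written into this file; inline is for local testing only` (the commit also git-ignores `providers.toml`, presumably because a filled-in copy holds secrets). The comment `# from the `info_url` request, ...` sits in the `[providers.provider-openid]` table, which has no `info_url` (only `openid_url`), so it presumably means the user-info endpoint found through OpenID discovery and should be reworded, for instance `# JSON keys of the user-info response used as the user's unique id (default: email) and display name (default: name)`. `# this url is to point to the local thingy - ask maieul` is not something a template should tell a reader; state what the callback URL must match instead. A blank line before each `[providers.*]` header would also match conventional TOML layout.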