zrok/assets/js/6e881e32.29c415c5.js


"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[3182],{2478:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>r,default:()=>l,frontMatter:()=>s,metadata:()=>a,toc:()=>h});var i=n(5893),o=n(1151);const s={},r="OAuth Public Frontend Configuration",a={id:"guides/self-hosting/oauth/configuring-oauth",title:"OAuth Public Frontend Configuration",description:"As of v0.4.7, zrok includes OAuth integration for both Google and GitHub for zrok access public public frontends.",source:"@site/../docs/guides/self-hosting/oauth/configuring-oauth.md",sourceDirName:"guides/self-hosting/oauth",slug:"/guides/self-hosting/oauth/configuring-oauth",permalink:"/docs/guides/self-hosting/oauth/configuring-oauth",draft:!1,unlisted:!1,editUrl:"https://github.com/openziti/zrok/blob/main/docs/../docs/guides/self-hosting/oauth/configuring-oauth.md",tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"OAuth",permalink:"/docs/category/oauth"},next:{title:"Instance Config",permalink:"/docs/guides/self-hosting/instance-configuration"}},c={},h=[{value:"Planning for the OAuth Frontend",id:"planning-for-the-oauth-frontend",level:2},{value:"Configuring a Google OAuth Client ID",id:"configuring-a-google-oauth-client-id",level:2},{value:"OAuth Content Screen",id:"oauth-content-screen",level:3},{value:"Create the OAuth 2.0 Client ID",id:"create-the-oauth-20-client-id",level:3},{value:"Configuring a GitHub Client ID",id:"configuring-a-github-client-id",level:2},{value:"Configuring your Public Frontend",id:"configuring-your-public-frontend",level:2},{value:"Enabling OAuth on a Public Share",id:"enabling-oauth-on-a-public-share",level:2}];function d(e){const t={code:"code",h1:"h1",h2:"h2",h3:"h3",header:"header",img:"img",p:"p",pre:"pre",...(0,o.a)(),...e.components};return(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(t.header,{children:(0,i.jsx)(t.h1,{id:"oauth-public-frontend-configuration",children:"OAuth Public Frontend 
Configuration"})}),"\n",(0,i.jsxs)(t.p,{children:["As of ",(0,i.jsx)(t.code,{children:"v0.4.7"}),", ",(0,i.jsx)(t.code,{children:"zrok"})," includes OAuth integration for both Google and GitHub for ",(0,i.jsx)(t.code,{children:"zrok access public"})," public frontends."]}),"\n",(0,i.jsx)(t.p,{children:"This integration allows you to create public shares and request that the public frontend authenticate your users against either the Google or GitHub OAuth endpoints (using the user's Google or GitHub accounts). Additionally, you can restrict the email address domain associated with the count to a list of domains that you provide when you create the share."}),"\n",(0,i.jsxs)(t.p,{children:["This is a first step towards a more comprehensive portfolio of user authentication strategies in future ",(0,i.jsx)(t.code,{children:"zrok"})," releases."]}),"\n",(0,i.jsx)(t.h2,{id:"planning-for-the-oauth-frontend",children:"Planning for the OAuth Frontend"}),"\n",(0,i.jsx)(t.p,{children:"The current implementation of the OAuth public frontend uses a HTTP listener to handle redirects from OAuth providers. You'll need to configure a DNS name and a port for this listener that is accessible by your end users. We'll refer to this listener as the \"OAuth frontend\" in this guide."}),"\n",(0,i.jsx)(t.p,{children:'We\'ll use the public DNS address of the OAuth frontend when creating the Google and GitHub OAuth clients below. 
This address is typically configured into these clients as the "redirect URL" where these clients will send the authenticated users after authentication.'}),"\n",(0,i.jsxs)(t.p,{children:["The ",(0,i.jsx)(t.code,{children:"zrok"})," OAuth frontend will capture the successful authentication and forward the user back to their original destination."]}),"\n",(0,i.jsx)(t.h2,{id:"configuring-a-google-oauth-client-id",children:"Configuring a Google OAuth Client ID"}),"\n",(0,i.jsx)(t.h3,{id:"oauth-content-screen",children:"OAuth Content Screen"}),"\n",(0,i.jsx)(t.p,{children:'Before you can configure an OAuth Client ID in Google Cloud, you have to configure the "OAuth content screen".'}),"\n",(