mirror of
https://github.com/openziti/zrok.git
synced 2025-01-03 12:39:07 +01:00
formatting imports and adding oauth small guide
This commit is contained in:
parent e6e619860d
commit a2312c3497
@ -2,12 +2,6 @@ package main
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
|
||||||
"os/signal"
|
|
||||||
"strings"
|
|
||||||
"syscall"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
tea "github.com/charmbracelet/bubbletea"
|
tea "github.com/charmbracelet/bubbletea"
|
||||||
"github.com/openziti/zrok/endpoints"
|
"github.com/openziti/zrok/endpoints"
|
||||||
"github.com/openziti/zrok/endpoints/proxy"
|
"github.com/openziti/zrok/endpoints/proxy"
|
||||||
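Review bot: this hunk removes "os", "os/signal", "strings", "syscall" and "time" from the standard-library group at the top of the import block, which is exactly where goimports/gofmt keeps them (standard library first, a blank line, then third-party packages); unless the intent is to replace them with different packages, they should stay next to "fmt" here. If the goal named in the commit message is formatting, running `goimports -w` on the file would yield the conventional grouping rather than a hand-ordered one.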
@ -17,6 +11,11 @@ import (
|
|||||||
"github.com/openziti/zrok/tui"
|
"github.com/openziti/zrok/tui"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
|
"os"
|
||||||
|
"os/signal"
|
||||||
|
"strings"
|
||||||
|
"syscall"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
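Review bot: the re-added standard-library imports ("os", "os/signal", "strings", "syscall", "time") now sit directly after "github.com/spf13/cobra" with no blank line separating them from the third-party group, so the block mixes groups in an order goimports will undo on the next save-with-format; suggest moving these five lines back beside "fmt" so the file stays stable under the formatter and the diff does not reappear in the next contributor's PR.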
docs/guides/oauth/oauth_guide.md (Normal file, 30 lines added)
@ -0,0 +1,30 @@
|
|||||||
|
## Enabling Oauth on Access Point
|
||||||
|
|
||||||
|
There is a new stanza in the access point configuration.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
oauth:
|
||||||
|
port: <host-port> #port to listen on oauth callbacks from
|
||||||
|
redirect_url: <host-url> #redirect url to feed into oauth flow
|
||||||
|
hash_key_raw: "<your-key>" #key we will use to sign our access token
|
||||||
|
providers: #which providers we configure to use.
|
||||||
|
- name: <provider-name>
|
||||||
|
client_id: <client-id> #the client id you get from your oauth provider
|
||||||
|
client_secret: <client-secret> #the client secret you get from your oauth provider
|
||||||
|
```
|
||||||
|
Currently we support the following Oauth providers:
|
||||||
|
- google
|
||||||
|
- github
|
||||||
|
|
||||||
|
We spin up a zitadel oidc server on the specified port that handled all of the oauth handshaking. With the response we create a cookie with the name `zrok-access`.
|
||||||
|
|
||||||
|
## Enabling Oath on Share
|
||||||
|
|
||||||
|
To utilize the oauth integration on the access point we need to add a few more flags to our share command. There are three new flags:
|
||||||
|
- `provider` : This is the provider to authenticate against. Options are the same as above dependant on what the acess point is configured for
|
||||||
|
- `oauth-domains` : A list of valid email domains that are allowed to access the service. for example `gmail.com`
|
||||||
|
- `oauth-check-interval` : How long a `zrok-access` token is valid for before reinitializing the oauth flow. This is defaultly 3 hours.
|
||||||
|
|
||||||
|
That's all it takes!
|
||||||
|
|
||||||
|
Now when a user connects to your share they will be prompted with the chosen oauth provider and allowed based on your allowed domains. Simply restarting the service won't force a reauth for users either. Changing the `provider` or `oauth-check-interval` will, however.
|
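Review bot: `hash_key_raw` is documented as the key that signs the `zrok-access` token, but the guide says nothing about how to choose it or that it is a secret; add a sentence saying to generate a long random value and keep it, like `client_secret`, out of version control. It would also help to say what `redirect_url` must be, since it is fed into the OAuth flow and `port` is where callbacks arrive: it has to be reachable by the user's browser and match the callback URL registered with the provider. Wording fixes while here: the heading `## Enabling Oath on Share` should read `Oauth`; "handled all of the oauth handshaking" should be "handles"; "dependant on what the acess point" should be "dependent on what the access point"; "This is defaultly 3 hours" should be "The default is 3 hours".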