Add an endpoint to return active authentication providers
This endpoint can be used by Angular to figure out what authentication options to display to the user. It returns a dictionary of configuration details that the front-end needs for each provider.
parent
350d013043
commit
60856cb7b9
@ -262,11 +262,18 @@ for those plugins.
|
||||
|
||||
Authentication
|
||||
--------------
|
||||
Lemur currently supports Basic Authentication and Ping OAuth2 out of the box. Additional flows can be added relatively easily.
|
||||
If you are not using Ping you do not need to configure any of these options.
|
||||
Lemur currently supports Basic Authentication, Ping OAuth2, and Google out of the box. Additional flows can be added relatively easily.
|
||||
If you are not using an authentication provider you do not need to configure any of these options.
|
||||
|
||||
For more information about how to use social logins, see: `Satellizer <https://github.com/sahat/satellizer>`_
|
||||
|
||||
.. data:: ACTIVE_PROVIDERS
|
||||
:noindex:
|
||||
|
||||
::
|
||||
|
||||
ACTIVE_PROVIDERS = ["ping", "google"]
|
||||
|
||||
.. data:: PING_SECRET
|
||||
:noindex:
|
||||
|
||||
@ -296,6 +303,33 @@ For more information about how to use social logins, see: `Satellizer <https://g
|
||||
|
||||
PING_JWKS_URL = "https://<yourpingserver>/pf/JWKS"
|
||||
|
||||
.. data:: PING_NAME
|
||||
:noindex:
|
||||
|
||||
::
|
||||
|
||||
PING_NAME = "Example Oauth2 Provider"
|
||||
|
||||
.. data:: PING_CLIENT_ID
|
||||
:noindex:
|
||||
|
||||
::
|
||||
|
||||
PING_CLIENT_ID = "client-id"
|
||||
|
||||
.. data:: GOOGLE_CLIENT_ID
|
||||
:noindex:
|
||||
|
||||
::
|
||||
|
||||
GOOGLE_CLIENT_ID = "client-id"
|
||||
|
||||
.. data:: GOOGLE_SECRET
|
||||
:noindex:
|
||||
|
||||
::
|
||||
|
||||
GOOGLE_SECRET = "somethingsecret"
|
||||
|
||||
|
||||
AWS Plugin Configuration
|
||||
|
@ -270,6 +270,40 @@ class Google(Resource):
|
||||
return dict(token=create_token(user))
|
||||
|
||||
|
||||
class Providers(Resource):
|
||||
|
||||
def get(self):
|
||||
|
||||
active_providers = dict()
|
||||
|
||||
for provider in current_app.config.get("ACTIVE_PROVIDERS"):
|
||||
provider = provider.lower()
|
||||
|
||||
if provider == "google":
|
||||
|
||||
active_providers["google"] = {
|
||||
'clientId': current_app.config.get("GOOGLE_CLIENT_ID"),
|
||||
'url': api.url_for(Google)
|
||||
}
|
||||
|
||||
elif provider == "ping":
|
||||
|
||||
active_providers["oauth2"] = {
|
||||
'name': current_app.config.get("PING_NAME"),
|
||||
'url': api.url_for(Ping),
|
||||
'redirectUri': '', # TODO
|
||||
'clientId': current_app.config.get("PING_CLIENT_ID"),
|
||||
'responseType': 'code',
|
||||
'scope': ['openid', 'email', 'profile', 'address'],
|
||||
'scopeDelimeter': ' ',
|
||||
'authorizationEndpoint': '', # TODO
|
||||
'requiredUrlParams': ['scope']
|
||||
}
|
||||
|
||||
return active_providers
|
||||
|
||||
|
||||
api.add_resource(Login, '/auth/login', endpoint='login')
|
||||
api.add_resource(Ping, '/auth/ping', endpoint='ping')
|
||||
api.add_resource(Google, '/auth/google', endpoint='google')
|
||||
api.add_resource(Providers, '/auth/providers', endpoint='providers')
|
||||
|
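Review bot: `current_app.config.get("ACTIVE_PROVIDERS")` returns None when the setting is absent, so the `for` loop in `Providers.get` raises a TypeError and this endpoint, which the login page has to call before any user is authenticated, answers 500 on deployments that use only basic authentication; `for provider in current_app.config.get("ACTIVE_PROVIDERS", []):` avoids that. The key `'scopeDelimeter'` is spelled differently from the `scopeDelimiter` option used in the client-side configuration this commit removes, so the client will presumably ignore it. `redirectUri` and `authorizationEndpoint` are still empty TODOs, so the Ping flow cannot complete from this response as written. Because the response is readable before login, I would add a comment on the class stating that only client-facing values (client IDs, URLs, display names) may be returned and that `PING_SECRET` and `GOOGLE_SECRET` must never be added to these dictionaries.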
25
lemur/static/app/angular/app.js
vendored
@ -18,7 +18,7 @@ var lemur = angular
|
||||
'angular-clipboard',
|
||||
'ngFileSaver'
|
||||
])
|
||||
.config(function ($stateProvider, $urlRouterProvider, $authProvider) {
|
||||
.config(function ($stateProvider, $urlRouterProvider, $authProvider, AuthenticationService) {
|
||||
$urlRouterProvider.otherwise('/welcome');
|
||||
|
||||
$stateProvider
|
||||
@ -27,17 +27,18 @@ var lemur = angular
|
||||
templateUrl: 'angular/welcome/welcome.html'
|
||||
});
|
||||
|
||||
$authProvider.oauth2({
|
||||
name: 'example',
|
||||
url: 'http://localhost:8000/api/1/auth/ping',
|
||||
redirectUri: 'http://localhost:3000/',
|
||||
clientId: 'client-id',
|
||||
responseType: 'code',
|
||||
scope: ['openid', 'email', 'profile', 'address'],
|
||||
scopeDelimiter: ' ',
|
||||
authorizationEndpoint: 'https://example.com/as/authorization.oauth2',
|
||||
requiredUrlParams: ['scope']
|
||||
});
|
||||
AuthenticationService.get_providers().then(function (active_providers) {
|
||||
var provider_names = [];
|
||||
for (var key in active_providers) {
|
||||
if (active_providers.hasOwnProperty(key)) {
|
||||
provider_names.push(key);
|
||||
}
|
||||
}
|
||||
|
||||
for (var i=0; i < provider_names.length; i++) {
|
||||
$authProvider[provider_names[i]](active_providers[provider_names[i]]);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
lemur.service('MomentService', function () {
|
||||
|
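Review bot: `AuthenticationService` is injected into the `.config()` block, but AngularJS config blocks accept only providers and constants, so the new signature is likely to fail at bootstrap with an unknown-provider error; the provider fetch needs to move to a `.run()` block or complete before the app is bootstrapped. The callback passed to `.then(` is also closed with a bare `}` where `});` is needed, which leaves the call unterminated. Separately, `$authProvider[provider_names[i]](...)` invokes whatever method name appears as a key in the server response (and a decorated response object may carry extra own properties), so I would restrict the dispatch to known names, e.g. `if (['google', 'oauth2'].indexOf(name) !== -1) { $authProvider[name](active_providers[name]); }`.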
@ -12,6 +12,7 @@ angular.module('lemur')
|
||||
$scope.login = AuthenticationService.login;
|
||||
$scope.authenticate = AuthenticationService.authenticate;
|
||||
$scope.logout = AuthenticationService.logout;
|
||||
$scope.get_providers = AuthenticationService.get_providers;
|
||||
|
||||
UserService.getCurrentUser().then(function (user) {
|
||||
$scope.currentUser = user;
|
||||
|
@ -3,8 +3,8 @@
|
||||
<div class="login">
|
||||
<div class="row">
|
||||
<div class="col-xs-12 col-sm-12 col-md-12">
|
||||
<button class="btn btn-block btn-default" ng-click="authenticate('Example')">
|
||||
Login with Example
|
||||
<button class="btn btn-block btn-default" ng-repeat="(key, value) in get_providers()" ng-click="authenticate(key)">
|
||||
Login with {{key}}
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
|
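Review bot: `ng-repeat="(key, value) in get_providers()"` calls the service on every digest cycle, and each call returns a new promise rather than the provider map, so the buttons are unlikely to render and the view may send a request to the providers endpoint per digest. Resolve it once in the controller, `AuthenticationService.get_providers().then(function (providers) { $scope.providers = providers; });`, and repeat over the result with `ng-repeat="(key, value) in providers"`. The `$scope.get_providers` assignment added in the login controller hunk would then be unnecessary. The enclosing markup continues outside the hunk.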
@ -6,6 +6,10 @@ angular.module('lemur')
|
||||
.service('AuthenticationService', function ($location, $rootScope, AuthenticationApi, UserService, toaster, $auth) {
|
||||
var AuthenticationService = this;
|
||||
|
||||
AuthenticationService.get_providers = function () {
|
||||
return AuthenticationApi.one('providers').get();
|
||||
};
|
||||
|
||||
AuthenticationService.login = function (username, password) {
|
||||
AuthenticationApi.customPOST({'username': username, 'password': password}, 'login')
|
||||
.then(
|
||||
|
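Review bot: `get_providers` sends a new request to the providers endpoint on every call and nothing caches the result, although the provider list is fixed by server configuration; keeping the promise in a service-level variable, e.g. `return providersPromise || (providersPromise = AuthenticationApi.one('providers').get());`, lets the startup code and the login view share one request. The snake_case name also differs from `login`, `authenticate` and `getCurrentUser` used elsewhere in this code; `getProviders` would match. The service body continues past the end of the hunk.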