This repository has been archived by the owner on Sep 20, 2023. It is now read-only.

#70 fix oauth2
jeromeleonard committed Oct 29, 2020
1 parent e77e796 commit 773b186
Showing 1 changed file with 48 additions and 27 deletions.
75 changes: 48 additions & 27 deletions admin/admin-guide.md
Expand Up @@ -389,37 +389,58 @@ session {
}
```

#### OAUTH2 Example
#### OAuth2

Authenticate the user using an external OAuth2 authenticator server. The configuration is:

- clientId (string) client ID in the OAuth2 server.
- clientSecret (string) client secret in the OAuth2 server.
- redirectUri (string) the url of TheHive AOuth2 page (.../api/ssoLogin).
- responseType (string) type of the response. Currently only "code" is accepted.
- grantType (string) type of the grant. Currently only "authorization_code" is accepted.
- authorizationUrl (string) the url of the OAuth2 server.
- authorizationHeader (string) prefix of the authorization header to get user info: Bearer, token, ...
- tokenUrl (string) the token url of the OAuth2 server.
- userUrl (string) the url to get user information in OAuth2 server.
- scope (list of string) list of scope.

##### Example

```
oauth2 {
name: oauth2
clientId: "client-id"
clientSecret: "client-secret"
redirectUri: "http://localhost:9000/api/ssoLogin"
responseType: code
grantType: "authorization_code"
authorizationUrl: "https://github.com/login/oauth/authorize"
authorizationHeader: "token"
tokenUrl: "https://github.com/login/oauth/access_token"
userUrl: "https://api.github.com/user"
scope: ["user"]
}
sso {
autocreate: false
autoupdate: false
mapper: "simple"
attributes {
login: "login"
name: "name"
roles: "role"
}
defaultRoles: ["read", "analyze"]
defaultOrganization: "demo"
auth {
provider = [local, oauth2]
[..]
sso {
autocreate: false
autoupdate: false
mapper: "simple"
attributes {
login: "login"
name: "name"
roles: "role"
}
defaultRoles: ["read", "analyze"]
defaultOrganization: "demo"
}
oauth2 {
name: oauth2
clientId: "Client_ID"
clientSecret: "Client_ID"
redirectUri: "http://localhost:9001/api/ssoLogin"
responseType: code
grantType: "authorization_code"
authorizationUrl: "https://github.com/login/oauth/authorize"
authorizationHeader: "token"
tokenUrl: "https://github.com/login/oauth/access_token"
userUrl: "https://api.github.com/user"
scope: ["user"]
}
[..]
}
```
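
Review bot: In the nested `oauth2` example, `clientSecret: "Client_ID"` repeats the client ID placeholder, so a reader copying the block cannot tell that a different value belongs there; a distinct placeholder such as `clientSecret: "Client_Secret"` would avoid that. In the parameter list, the `redirectUri` description spells the page "AOuth2" where "OAuth2" is meant. The example also sets `name` under `oauth2` and a whole `sso` block (`autocreate`, `autoupdate`, `mapper`, `attributes`, `defaultRoles`, `defaultOrganization`) that the parameter list does not describe; one line per key would make the section self-contained. The example `redirectUri` also appears with both port 9000 and port 9001 in this hunk, so a sentence stating that it must match the callback URL registered with the OAuth2 provider would help readers who adapt the value.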

