Comments (13)
Can you provide a few examples?
from ueberauth.
Can you provide a few examples?
Take any of the strategies and try to define it multiple times, e.g. Keycloack strategy for a Keycloack instance and Authentik. It will fail.
from ueberauth.
@samip5 do you mind providing a code snippet with your configuration?
You should be able to do the following:
config :ueberauth, Ueberauth,
providers: [
keycloackone: { Ueberauth.Strategy. Keycloack, [] },
keycloacktwo: { Ueberauth.Strategy. Keycloack, [] },] }
]
The key is what matters.
from ueberauth.
I can confirm, I've done similar thing with Facebook. Works like a charm.
from ueberauth.
It may be that we are defining it weirdly in Mobilizon.
I'm not at all sure how one would define multiple config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth
so that it would be for the specific provider.
config :ueberauth,
Ueberauth,
providers: [
keycloak: {Ueberauth.Strategy.Keycloak, [default_scope: "openid profile email"]}
]
config :mobilizon, :auth,
oauth_consumer_strategies: [
{:keycloak, "Pikaviestin.fi -tunnus"}
]
authentik_url = "https://login.pikaviestin.fi"
config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth,
client_id: "<snip>",
client_secret: "<snip>",
site: authentik_url,
authorize_url: "#{authentik_url}/application/o/authorize/",
token_url: "#{authentik_url}/application/o/token/",
userinfo_url: "#{authentik_url}/application/o/userinfo/",
token_method: :post
from ueberauth.
So the proper solution would be to be able to pass provider specific info in the strategy opts?
Something like this possibly?
config :ueberauth,
Ueberauth,
providers: [
keycloak: {Ueberauth.Strategy.Keycloak, [default_scope: "openid profile email", client_id: "123", client_secret: "321"]}
]
from ueberauth.
To me it looks more of an issue with provider implementation. If it read data from source different than config, it could be done quite easily.
from ueberauth.
So the proper solution would be to be able to pass provider specific info in the strategy opts? Something like this possibly?
config :ueberauth, Ueberauth, providers: [ keycloak: {Ueberauth.Strategy.Keycloak, [default_scope: "openid profile email", client_id: "123", client_secret: "321"]} ]
Possibly, but that wouldn't help with URLs portion of the equation.
It's very possible that the problem is the implementation in Mobilizon instead of it being an problem in ueberauth itself.
from ueberauth.
@samip5 do you mind providing a code snippet with your configuration?
You should be able to do the following:
config :ueberauth, Ueberauth, providers: [ keycloackone: { Ueberauth.Strategy. Keycloack, [] }, keycloacktwo: { Ueberauth.Strategy. Keycloack, [] },] } ]The key is what matters.
If you set it like that, how would you set different options per provider for urls and keys?
from ueberauth.
Would something like this be acceptable API format?
config :ueberauth, Ueberauth,
providers: [
keycloackone:
{Ueberauth.Strategy.Keycloack,
[
client_id: "<snip>",
client_secret: "<snip>",
site: authentik_url,
authorize_url: "#{authentik_url}/application/o/authorize/",
token_url: "#{authentik_url}/application/o/token/",
userinfo_url: "#{authentik_url}/application/o/userinfo/",
token_method: :post
]},
keycloacktwo:
{Ueberauth.Strategy.Keycloack,
[
client_id: "<snip2>",
client_secret: "<2snip>",
site: authentik_ur2l,
authorize_url: "#{authentik_url}/appasdlication/o/authorize/",
token_url: "#{authentik_url}/applicatiasdon/o/token/",
userinfo_url: "#{authentik_url}/applicasdation/o/userinfo/",
token_method: :post
]}
]
I am not sure if current version of Ueberauth will allow this.
Strategy itself also needs to be changed, and it seems like Keycloak Strategy is not under the ueberauth. I can create an appropriate PR for that repo, but I cannot guarantee I can persuade owner to accept the changes.
from ueberauth.
I think the array [] is for scopes though originally, but otherwise that would look reasonable yes.
from ueberauth.
If the provider doesn't support this, it might be an issue with the provider. I know that I've been testing UeberauthOidcc with multiple providers against Keycloak and it works fine, so you might give that a shot if the other one isn't working.
from ueberauth.
If the provider doesn't support this, it might be an issue with the provider. I know that I've been testing UeberauthOidcc with multiple providers against Keycloak and it works fine, so you might give that a shot if the other one isn't working.
I think the problem might not be the provider but how it's implemented in the app in question.
from ueberauth.
Related Issues (20)
- OAuth2 needs new maintainers HOT 4
- State nonce cookie should properly be signed HOT 2
- How can run Ueberauth plug directly? HOT 3
- Custom `callback_port` and `callback_scheme` not used HOT 1
- Callback URL not mounted right when router has nested paths
- Can't set strategy options at runtime HOT 2
- Line Login v2.1 update request which I've done HOT 4
- Gracefully handle unknown providers HOT 10
- callback_port config compiled into plug at compile time HOT 10
- App.Auth.AuthController.request/2 is undefined or private HOT 1
- minor: mix package versions are out of date
- New hex.pm release? HOT 1
- Incorrect callback_url when using Bandit.PhoenixAdapter
- put_session successful, but get_session failed HOT 1
- function MyAppWeb.OAuthController.request/2 is undefined or private HOT 1
- Support for nonces HOT 1
- Incomplete docs to configure pipeline and check that user is authenticated HOT 3
- Latest release breaks existing paths HOT 6
- Latest version is retired HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ueberauth.