Hydra基于断头台的身份提供程序
guillotina-hydraidp的Python项目详细描述
这个插件旨在通过断头台提供身份提供者 为海德拉。
它还实现了hydra的登录和同意流。
端点:
- GET /@users
- POST /@users {‘id’, ‘username’, ‘password’, ‘phone’, ‘email’, ‘data’, ‘allowed_scopes’}
- DELETE /@users/{userid}
- GET /@users/{userid}
- GET /@hydra-login
- POST /@hydra-login
- GET /@hydra-consent
- POST /@hydra-consent
- POST /@hydra-join
- GET /@hydra-user
- PATCH /@hydra-user
配置
配置取决于前端登录实现。使用应用程序 它呈现html,并且可以是auth端点,从而使流更加简单。
请参阅repo和integration测试流中的angular app示例,了解如何 它可以工作。
测试需要使用以下配置运行Hydra实例:
- OAUTH2_ISSUER_URL=http://localhost:4444
- OAUTH2_CONSENT_URL=http://localhost:8080/@hydra-consent
- OAUTH2_LOGIN_URL=http://localhost:8080/@hydra-login
- DATABASE_URL=postgres://hydra:secret@postgresd:5432/hydra?sslmode=disable
- SYSTEM_SECRET=youReallyNeedToChangeThis
- OAUTH2_SHARE_ERROR_DEBUG=1
- OIDC_SUBJECT_TYPES_SUPPORTED=public,pairwise
- OIDC_SUBJECT_TYPE_PAIRWISE_SALT=youReallyNeedToChangeThis
然后需要配置断头台:
auth_providers:
hydra:
configuration:
client_id: auth-code-client
client_secret: secret
base_url: http://localhost:4444/
authorize_url: http://localhost:4444/oauth2/auth
access_token_url: http://localhost:4444/oauth2/token
state: true
scope: openid offline
hydra:
db:
dsn: postgres://hydra:secret@localhost:5432/hydra
pool_size: 20
# hydra admin url should be internal, protected!
admin_url: http://localhost:4445/
allow_registration: false
recaptcha_private_key: null
recaptcha_public_key: null
要将OAuth客户端添加到Hydra,请执行以下操作:
curl -XPUT http://localhost:4445/clients/auth-code-client -d '{
"client_id": "auth-code-client",
"client_name": "",
"redirect_uris": [
"http://localhost:8080/@callback/hydra"
],
"grant_types": [
"authorization_code",
"refresh_token"
],
"response_types": [
"code",
"id_token"
],
"scope": "openid offline",
"owner": "",
"policy_uri": "",
"allowed_cors_origins": [],
"tos_uri": "",
"client_uri": "",
"logo_uri": "",
"contacts": [],
"client_secret_expires_at": 0,
"subject_type": "public",
"jwks": {
"keys": null
},
"token_endpoint_auth_method": "client_secret_post",
"userinfo_signed_response_alg": "none"
}'
见https://github.com/guillotinaweb/guillotina_hydraidp/blob/master/integration_tests.py 例如使用流。
这只是api实现。你仍然需要实现前端!
范围格式
使用作用域授予对断头台容器的访问权限。
作用域的格式为:[container id]:[type]:[value]。
例如,要让用户以用户身份访问containercms,作用域将是cms:role:guillotina.member
其他示例: -cms:role:guillotina.reader -cms:权限:guillotina.accesscontent
开发前端
开始持久层:
docker-compose up redis postgres hydra-migrate hydra hydra-proxy
启动IDP:
virtualenv . source bin/activate g -c config-pg.yaml
开始ngapp:
cd loginapp ng serve
打开浏览器:
http://localhost:4200
1.0.3(2018-10-27)
- 添加事件 [血淋淋的]
1.0.2(2018-10-25)
- 加入rsa发布密钥 [血淋淋的]
1.0.1(2018-10-22)
- 能够作为常规登录端点工作 [范希姆]
- 提供角度登录应用程序 [血淋淋的]
1.0.0(2018-10-09)
- 首字母
欢迎加入QQ群-->: 979659372
