https://github.com/kanboard/plugin-oauth2


OAuth2 Authentication
=====================

Generic OAuth2 authentication plugin.

Author
------

- Frédéric Guillot
- License MIT

Requirements
------------

- Kanboard >= 1.0.37

Installation
------------

You have the choice between 3 methods:

1. Install the plugin from the Kanboard plugin manager in one click
2. Download the zip file and decompress everything under the directory `plugins/OAuth2`
3. Clone this repository into the folder `plugins/OAuth2`

Note: The plugin folder name is case-sensitive.

Configuration
-------------

> **Note:** Also works with most OpenID Providers

Go to the application settings > integrations > OAuth2 Authentication.

### 1) Create a new application on the OAuth2 provider

Go to the third-party authentication provider and add a new application.
Copy and paste the **Kanboard callback URL** and generate a new set of tokens.

The third-party provider will return a **Client ID** and a **Client Secret**.
Copy those values into Kanboard's settings.

### 2) Configure the provider in Kanboard

- **Client ID**: Unique ID that comes from the third-party provider
- **Client Secret**: Unique token that comes from the third-party provider
- **Authorize URL**: URL used for authorization
- **Token URL**: URL used to get tokens from third-party provider
- **User API URL**: URL used to fetch user profile after authentication
- **Username Key**: Key used to fetch the username from the user API response
- **Name Key**: Key used to fetch the full name
- **Email Key**: Key used to fetch the user email
- **User ID Key**: Key used to fetch the unique user ID
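
Added example, not part of the plugin: a pre-flight check that runs the settings above against a profile captured from the User API URL for a test account. The dict layout, the function name and the sample profile are constructed for illustration, and it assumes each key names a top-level field of the JSON response.

```python
from urllib.parse import urlparse

# Field labels are the README's; storing them in a dict is an assumption.
URL_FIELDS = ("Authorize URL", "Token URL", "User API URL")
KEY_FIELDS = ("Username Key", "Name Key", "Email Key", "User ID Key")


def check_provider(settings, sample_profile):
    """Return a list of problems found in one provider configuration.

    settings: README field label -> configured value.
    sample_profile: decoded JSON from the User API URL for a test account.
    """
    problems = []
    for field in URL_FIELDS:
        url = urlparse(settings.get(field, ""))
        if url.scheme != "https" or not url.hostname:
            problems.append(f"{field}: must be an absolute https URL")
        elif "//" in url.path:
            # e.g. a tenant or realm ID that was never filled in
            problems.append(f"{field}: empty path segment")
    for field in KEY_FIELDS:
        key = settings.get(field, "")
        if not key:
            problems.append(f"{field}: not set")
        elif key not in sample_profile:
            problems.append(f"{field}: '{key}' is absent from the profile")
        elif sample_profile[key] in (None, ""):
            problems.append(f"{field}: '{key}' is empty for this account")
    uid_key = settings.get("User ID Key")
    if uid_key and uid_key == settings.get("Email Key"):
        # Email addresses can change or be reassigned; match on a stable ID.
        problems.append("User ID Key: same field as Email Key")
    return problems


# Values from the GitHub example in this README.
GITHUB = {
    "Authorize URL": "https://github.com/login/oauth/authorize",
    "Token URL": "https://github.com/login/oauth/access_token",
    "User API URL": "https://api.github.com/user",
    "Username Key": "login", "Name Key": "name",
    "Email Key": "email", "User ID Key": "id",
}
# Constructed profile: the provider withholds the email address.
SAMPLE_PROFILE = {"login": "octo-test", "id": 1000001,
                  "name": "Octo Test", "email": None}

if __name__ == "__main__":
    for problem in check_provider(GITHUB, SAMPLE_PROFILE):
        print(problem)
```

An empty list means every URL is HTTPS and every configured key resolved to a value for that account; repeat the check with a profile from each kind of account you expect to log in.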

Notes
-----

If the "Allow Account Creation" checkbox is checked, anyone who goes to the login page, clicks the
"OAuth2 Login" link, and successfully authenticates with your OAuth2 backend will automatically have
their account created. There is no need to create the user in Kanboard or to use the "Invite people"
link in the users area.

Examples
--------

Example for GitHub OAuth2:

- **Authorize URL**: `https://github.com/login/oauth/authorize`
- **Token URL**: `https://github.com/login/oauth/access_token`
- **User API URL**: `https://api.github.com/user`
- **Username Key**: `login`
- **Name Key**: `name`
- **Email Key**: `email`
- **User ID Key**: `id`

Example for Salesforce:

- **Authorize URL**: `https://login.salesforce.com/services/oauth2/authorize`
- **Token URL**: `https://login.salesforce.com/services/oauth2/token`
- **User API URL**: `https://login.salesforce.com/services/oauth2/userinfo`
- **Username Key**: `nickname`
- **Name Key**: `name`
- **Email Key**: `email`
- **User ID Key**: `user_id`

Example for Discord:

- **Authorize URL**: `https://discord.com/api/oauth2/authorize`
- **Token URL**: `https://discord.com/api/oauth2/token`
- **User API URL**: `https://discordapp.com/api/users/@me`
- **Scopes**: `email identify`
- **Username Key**: `username`
- **Name Key**: `username`
- **Email Key**: `email`
- **User ID Key**: `id`

Example for Gitea:

- **Authorize URL**: `https://try.gitea.io/login/oauth/authorize`
- **Token URL**: `https://try.gitea.io/login/oauth/access_token`
- **User API URL**: `https://try.gitea.io/login/oauth/userinfo`
- **Scopes**: `openid profile email groups`
- **Username Key**: `preferred_username`
- **Name Key**: `name`
- **Email Key**: `email`
- **User ID Key**: `sub`

Example for Slack:

- **Authorize URL**: `https://slack.com/openid/connect/authorize`
- **Token URL**: `https://slack.com/api/openid.connect.token`
- **User API URL**: `https://slack.com/api/openid.connect.userInfo`
- **Scopes**: `openid profile email`
- **Username Key**: `name`
- **Name Key**: `name`
- **Email Key**: `email`
- **User ID Key**: `sub`

Example for Azure AD (find the URLs with proper UUIDs in your Azure app page):

- **Authorize URL**: `https://login.microsoftonline.com//oauth2/v2.0/authorize`
- **Token URL**: `https://login.microsoftonline.com//oauth2/v2.0/token`
- **User API URL**: `https://graph.microsoft.com/v1.0/me`
- **Scopes**: `User.Read`
- **Username Key**: `userPrincipalName`
- **Name Key**: `displayName`
- **Email Key**: `mail`
- **User ID Key**: `id`

Example for self-hosted Authentik:

- **Authorize URL**: `https://auth.domain.tld/application/o/authorize/`
- **Token URL**: `https://auth.domain.tld/application/o/token/`
- **User API URL**: `https://auth.domain.tld/application/o/userinfo/`
- **Scopes**: `openid profile email`
- **Username Key**: `preferred_username`
- **Name Key**: `name`
- **Email Key**: `email`
- **User ID Key**: `sub`