Generic OAuth2 authentication plugin

Go to file

cupcakearmy ad9a5c16d5 add possibility of adding custom,static groups		2023-01-28 22:36:16 +01:00
.github	Setup GitHub CI	2020-04-04 21:20:23 -07:00
Auth	Possible to set space seperated scopes in the settings	2017-04-16 18:01:51 +02:00
Controller	First commit	2016-12-03 22:18:47 -05:00
Locale/fr_FR	First commit	2016-12-03 22:18:47 -05:00
Schema	First commit	2016-12-03 22:18:47 -05:00
Template	settings fiel	2023-01-28 22:35:58 +01:00
Test	First commit	2016-12-03 22:18:47 -05:00
User	add possibility of adding custom,static groups	2023-01-28 22:36:16 +01:00
.gitignore	First commit	2016-12-03 22:18:47 -05:00
LICENSE	First commit	2016-12-03 22:18:47 -05:00
Makefile	First commit	2016-12-03 22:18:47 -05:00
Plugin.php	Add option to rename link on login page	2020-09-30 21:15:03 -07:00
README.md	add slack as example	2022-11-17 21:18:19 -08:00

README.md

OAuth2 Authentication

Generic OAuth2 authentication plugin.

Author

Frédéric Guillot
License MIT

Requirements

Kanboard >= 1.0.37

Installation

You have the choice between 3 methods:

Install the plugin from the Kanboard plugin manager in one click
Download the zip file and decompress everything under the directory plugins/OAuth2
Clone this repository into the folder plugins/OAuth2

Note: Plugin folder is case-sensitive.

Configuration

Note: Also works with most OpenID Providers

Go to the application settings > integrations > OAuth2 Authentication.

1) Create a new application on the OAuth2 provider

Go to the third-party authentication provider and add a new application. Copy and paste the Kanboard callback URL and generate a new set of tokens.

The third-party provider will returns a Client ID and a Client Secret. Copy those values in the Kanboard's settings.

2) Configure the provider in Kanboard

Client ID: Unique ID that comes from the third-party provider
Client Secret: Unique token that comes from the third-party provider
Authorize URL: URL used for authorization
Token URL: URL used to get tokens from third-party provider
User API URL: URL used to fetch user profile after authentication
Username Key: Key used to fetch the username from the user API response
Name Key: Key used to fetch the full name
Email Key: Key used to fetch the user email
User ID Key: Key used to fetch the unique user ID

Examples

Example for Github OAuth2:

Authorize URL: https://github.com/login/oauth/authorize
Token URL: https://github.com/login/oauth/access_token
User API URL: https://api.github.com/user
Username Key: login
Name Key: name
Email Key: email
User ID Key: id

Example for Salesforce:

Authorize URL: https://login.salesforce.com/services/oauth2/authorize
Token URL: https://login.salesforce.com/services/oauth2/token
User API URL: https://login.salesforce.com/services/oauth2/userinfo
Username Key: nickname
Name Key: name
Email Key: email
User ID Key: user_id

Example for Discord:

Authorize URL: https://discord.com/api/oauth2/authorize
Token URL: https://discord.com/api/oauth2/token
User API URL: https://discordapp.com/api/users/@me
Scopes: email identify
Username Key: username
Name Key: username
Email Key: email
User ID Key: id

Example for Gitea:

Authorize URL: https://try.gitea.io/login/oauth/authorize
Token URL: https://try.gitea.io/login/oauth/access_token
User API URL: https://try.gitea.io/login/oauth/userinfo
Scopes: openid profile email groups
Username Key: preferred_username
Name Key: name
Email Key: email
User ID Key: sub

Example for Slack:

Authorize URL: https://slack.com/openid/connect/authorize
Token URL: https://slack.com/api/openid.connect.token
User API URL: https://slack.com/api/openid.connect.userInfo
Scopes: openid profile email
Username Key: name
Name Key: name
Email Key: email
User ID Key: sub