netmaker/docs/_build/html/_sources/oauth.rst.txt

82 lines
2.8 KiB
Text
Raw Normal View History

2021-10-30 03:00:38 +08:00
====================
2021-10-29 00:56:05 +08:00
Integrating OAuth
====================
Introduction
==============
As of v0.8.5, Netmaker offers integration with the following OAuth providers:
- GitHub
- Google
- Microsoft Azure AD
By integrating with an OAuth provider, your Netmaker users can log in via the provider, rather than the default simple auth.
Configuring your provider
===========================
In order to use OAuth, configure your OAuth provider (GitHub, Google, Azure AD).
2021-11-17 11:39:28 +08:00
You must configure your provider (except for Azure AD) to use the Netmaker Dashboard URI dashboard.<netmaker.base.domain> as the origin URL.
2021-10-29 00:56:05 +08:00
For example: `https://dashboard.netmaker.mydomain.com`
2021-11-17 11:39:28 +08:00
You must configure your provider to use the Netmaker API URI redirect route with the following format: https://api.<netmaker base domain>/api/oauth/callback.
2021-10-29 00:56:05 +08:00
2021-11-17 11:39:28 +08:00
For example: `https://api.netmaker.mydomain.com/api/oauth/callback`
2021-10-29 00:56:05 +08:00
General provider instructions can be found with the following links:
Instructions for GitHub: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider/#github-auth-provider
Instructions for Google: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider/#google-auth-provider
Instructions for Microsoft Azure AD: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider/#microsoft-azure-ad-provider
Configuring Netmaker
======================
After you have configured your OAuth provider, take note of the CLIENT_ID and CLIENT_SECRET.
Next, Configure Netmaker with the following environment variables. If any are left blank, OAuth will fail.
.. code-block::
2021-11-17 11:39:28 +08:00
AUTH_PROVIDER: "<azure-ad|github|google>"
CLIENT_ID: "<client id of your oauth provider>"
CLIENT_SECRET: "<client secret of your oauth provider>"
SERVER_HTTP_HOST: "api.<netmaker base domain>"
FRONTEND_URL: "https://dashboard.<netmaker base domain>"
2021-10-29 00:56:05 +08:00
2021-11-17 11:39:28 +08:00
After restarting your server, the Netmaker logs will indicate if the OAuth provider was successfully initialized:
.. code-block::
sudo docker logs netmaker
2021-10-29 00:56:05 +08:00
Once successful, users can click the key symbol on the login page to sign-in with your configured OAuth provider.
2021-10-29 05:38:39 +08:00
.. image:: images/oauth1.png
:width: 80%
:alt: Login Oauth
:align: center
2021-10-29 00:56:05 +08:00
Configuring User Permissions
===============================
All users logging in will have zero permissions on first sign-in. An admin must configure all user permissions.
Admins must navigate to the "Users" screen to configure permissions.
For each user, an admin must specify which networks that user has access to configure. Additionally, an Admin can elevate a user to Admin permissions.
2021-10-30 03:13:13 +08:00
.. image:: images/oauth3.png
2021-10-29 05:38:39 +08:00
:width: 80%
2021-10-30 03:13:13 +08:00
:alt: Edit User 2
2021-10-29 05:38:39 +08:00
:align: center
2021-10-30 03:13:13 +08:00
.. image:: images/oauth2.png
2021-10-29 05:38:39 +08:00
:width: 80%
2021-10-30 03:13:13 +08:00
:alt: Edit User
2021-10-29 05:38:39 +08:00
:align: center