nano-run/_docs/ui_authorization.md
2020-10-02 12:40:18 +08:00

1.3 KiB

UI Authorization

By default, there is no authorization (anonymous user will be used).

If list of auth.users is not empty, all authorized users will be allowed.

OAuth2

This is mostly recommended way

Defined in the section: auth.oauth2

  • title - text that will be used for login button
  • secret - OAuth2 client secret
  • key - OAuth2 client ID
  • callback_url - redirect URL, must point to your sever plus /ui/auth/oauth2/callback
  • auth_url - authenticate URL, different for each provider
  • token_url - issue token URL, different for each provider
  • profile_url (optional) - URL that should return user JSON profile on GET request with authorization by token; if not defined login will an empty string
  • login_field - (required only if profile_url set) filed name (should be string) in profile that identifies user (ex: login, username or email)
  • scopes (optional) - list of OAuth2 scopes

Gitea example:

auth:
  oauth2:
    title: Gitea
    secret: "oauth secret"
    key: "oauth key"
    callback_url: "https://YOUR-SERVER/ui/auth/oauth2/callback"
    auth_url: "https://gitea-server/login/oauth/authorize"
    token_url: "https://gitea-server/login/oauth/access_token"
    profile_url: "https://gitea-server/api/v1/user"
    login_field: "login"
    scopes:
      - nano-run
  users:
    - "reddec"