---
description: >-
  This page provides information about integrating an OpenID Connect (OIDC) compliant OAuth 2.0 identity provider
---

# Generic OAuth Configuration

## Environment variables

Registry environment variables used to configure an OAuth 2.0 identity provider:

| Property | Description |
| --- | --- |
| `identity_provider` | Name of the class that implements `dev.sunbirdrc.registry.identity_providers.providers.IdentityProvider` for OAuth. Sunbird RC ships two implementations, for Keycloak and FusionAuth respectively: `dev.sunbirdrc.auth.keycloak.KeycloakProviderImpl` and `dev.sunbirdrc.auth.genericiam.AuthProviderImpl` |
| `sunbird_sso_url` | Provider connection URL, e.g. `http://fusionauthwrapper:3990/fusionauth/api/v1/user` |
| `sunbird_sso_realm` | Realm name to be used for authentication and authorization |
| `sunbird_sso_admin_client_id` | Client ID to be used as admin |
| `sunbird_sso_admin_client_secret` | Secret key of the admin client |
| `sunbird_keycloak_user_set_password` | Boolean value: whether to set a default password for the user/owner of an entity in the identity provider |
| `sunbird_keycloak_user_password` | Value to use as the default user password when `sunbird_keycloak_user_set_password` is `true` |
| `identity_user_actions` | Actions that will be triggered by the identity provider, for example the email actions `VERIFY_EMAIL`, `UPDATE_PROFILE`, `UPDATE_PASSWORD`, `TERMS_AND_CONDITIONS`. Email details must be configured in the Keycloak realm settings |
| `oauth2_resource_uri` | OAuth2 resource URI, e.g. `http://localhost:8080/auth/realms/sunbird-rc` |
| `oauth2_resource_email_path` | Path of the user email in the JWT token payload; the value must be a string |
| `oauth2_resource_consent_path` | Path of the user consent in the JWT token payload; the value must be a map of string to integer |
| `oauth2_resource_roles_path` | Path of the user roles in the JWT token payload; the value must be a list of strings |
| `oauth2_resource_entity_path` | Path of the entity name in the JWT token payload; the value must be a list of strings |
| `oauth2_resource_user_id_path` | Path of the user ID in the JWT token payload; the value must be a string |

## Integrating the Keycloak identity provider

| Property | Value |
| --- | --- |
| `identity_provider` | `dev.sunbirdrc.auth.keycloak.KeycloakProviderImpl` |
| `sunbird_sso_url` | `http://keycloak:8080/auth` |
| `sunbird_sso_realm` | `sunbird-rc` |
| `sunbird_sso_admin_client_id` | `admin-api` |
| `sunbird_sso_admin_client_secret` | `******` |
| `sunbird_keycloak_user_set_password` | `abcd@123` |
| `sunbird_keycloak_user_password` | `true` |
| `identity_user_actions` | |
| `oauth2_resource_uri` | `http://localhost:8080/auth/realms/sunbird-rc` |
| `oauth2_resource_email_path` | `email` |
| `oauth2_resource_consent_path` | `consent` |
| `oauth2_resource_roles_path` | `realm_access.roles` |
| `oauth2_resource_entity_path` | `entity` |
| `oauth2_resource_user_id_path` | `sub` |

## Integrating the FusionAuth identity provider

| Property | Value |
| --- | --- |
| `identity_provider` | `dev.sunbirdrc.auth.genericiam.AuthProviderImpl` |
| `sunbird_sso_url` | `http://fusionauthwrapper:3990/fusionauth/api/v1/user` |
| `sunbird_sso_realm` | `sunbird-rc` |
| `sunbird_sso_admin_client_id` | `admin-api` |
| `sunbird_sso_admin_client_secret` | `******` |
| `sunbird_keycloak_user_set_password` | `abcd@123` |
| `sunbird_keycloak_user_password` | `true` |
| `identity_user_actions` | |
| `oauth2_resource_uri` | `http://fusionauth:9011/` |
| `oauth2_resource_email_path` | `email` |
| `oauth2_resource_consent_path` | `consent` |
| `oauth2_resource_roles_path` | `roles` |
| `oauth2_resource_entity_path` | `entity` |
| `oauth2_resource_user_id_path` | `sub` |
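The `oauth2_resource_*_path` properties in the tables above are dot-separated paths into the decoded JWT payload, and the property table states the type each path must resolve to. The following is an added illustration (not Sunbird RC project code) of how such a resolver behaves: it walks each configured path for both the Keycloak claim layout (`realm_access.roles`) and the FusionAuth layout (`roles`), rejects a token whose claim is missing or of the wrong type, and shows what goes wrong when a provider's paths are applied to a token from the other provider. The two token payloads are constructed samples; the function and variable names are this example's own, and it assumes the payload has already had its signature and issuer verified against `oauth2_resource_uri` before any claim is read.

```python
"""Resolve configured JWT claim paths from a decoded token payload.

Illustrative example only; it is not Sunbird RC's implementation. It must be
run on a payload whose signature and issuer were already verified, since a
claim resolver never substitutes for token validation.
"""

# Expected type of each path property, as stated in the property table.
EXPECTED_TYPES = {
    "oauth2_resource_email_path": "string",
    "oauth2_resource_user_id_path": "string",
    "oauth2_resource_roles_path": "list_of_string",
    "oauth2_resource_entity_path": "list_of_string",
    "oauth2_resource_consent_path": "map_string_to_int",
}

# Claim-path settings taken from the Keycloak and FusionAuth tables above.
KEYCLOAK_PATHS = {
    "oauth2_resource_email_path": "email",
    "oauth2_resource_consent_path": "consent",
    "oauth2_resource_roles_path": "realm_access.roles",
    "oauth2_resource_entity_path": "entity",
    "oauth2_resource_user_id_path": "sub",
}
FUSIONAUTH_PATHS = dict(KEYCLOAK_PATHS, oauth2_resource_roles_path="roles")

# Constructed sample payloads (not real tokens), shaped like each provider's JWT.
KEYCLOAK_PAYLOAD = {
    "iss": "http://localhost:8080/auth/realms/sunbird-rc",
    "sub": "constructed-user-id-1",
    "email": "user1@example.com",
    "realm_access": {"roles": ["student", "offline_access"]},
    "entity": ["Student"],
    "consent": {"Student": 1},
}
FUSIONAUTH_PAYLOAD = {
    "iss": "http://fusionauth:9011/",
    "sub": "constructed-user-id-2",
    "email": "user2@example.com",
    "roles": ["student"],
    "entity": ["Student"],
    "consent": {"Student": 1},
}


def lookup_path(payload, path):
    """Walk a dot-separated path through nested dicts; None if any segment is absent."""
    node = payload
    for segment in path.split("."):
        if not isinstance(node, dict) or segment not in node:
            return None
        node = node[segment]
    return node


def check_type(value, kind):
    """Return True if value matches the type the property table requires."""
    if kind == "string":
        return isinstance(value, str)
    if kind == "list_of_string":
        return isinstance(value, list) and all(isinstance(v, str) for v in value)
    if kind == "map_string_to_int":
        # bool is a subclass of int in Python, so exclude it explicitly.
        return isinstance(value, dict) and all(
            isinstance(k, str) and isinstance(v, int) and not isinstance(v, bool)
            for k, v in value.items()
        )
    raise ValueError(f"unknown kind {kind!r}")


def resolve_claims(payload, paths):
    """Return {property: value} for every configured path.

    Raises ValueError naming the first path that is missing from the token or
    resolves to a value of the wrong type, so a misconfigured path (or a token
    from a differently shaped provider) fails closed instead of yielding None.
    """
    resolved = {}
    for prop, kind in EXPECTED_TYPES.items():
        path = paths[prop]
        value = lookup_path(payload, path)
        if value is None:
            raise ValueError(f"{prop}: claim '{path}' missing from token")
        if not check_type(value, kind):
            raise ValueError(f"{prop}: claim '{path}' is not of type {kind}")
        resolved[prop] = value
    return resolved


if __name__ == "__main__":
    print(resolve_claims(KEYCLOAK_PAYLOAD, KEYCLOAK_PATHS))
    print(resolve_claims(FUSIONAUTH_PAYLOAD, FUSIONAUTH_PATHS))
    try:
        # Keycloak paths applied to a FusionAuth-shaped token: realm_access is absent.
        resolve_claims(FUSIONAUTH_PAYLOAD, KEYCLOAK_PATHS)
    except ValueError as err:
        print("rejected:", err)
```

The point of failing closed on a missing or mistyped claim is that the roles and entity claims drive authorization decisions in the registry; a resolver that silently returned an empty list or `None` would turn a copy-paste of the wrong `oauth2_resource_roles_path` into a hard-to-notice loss of access control rather than a visible configuration error.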

Additionally, you can refer to this sample FusionAuth service for how to set up FusionAuth: https://github.com/Sunbird-RC/sunbird-rc-core/blob/main/services/sample-fusionauth-service/docker-compose.yml