feat(oauth): merge pr from https://github.com/portainer/portainer/pull/2515

2025-07-24 15:59:41 +02:00 · 2018-12-30 18:02:22 +02:00 · 2018-12-30 18:02:22 +02:00 · 241a701eca
commit 241a701eca
parent 463b379876
19 changed files with 501 additions and 7 deletions
--- a/api/portainer.go
+++ b/api/portainer.go
@ -56,6 +56,19 @@ type (
 		AutoCreateUsers     bool                      `json:"AutoCreateUsers"`
 	}

+	// OAuthSettings represents the settings used to authorize with an authorization server
+	OAuthSettings struct {
+		ClientID             string `json:"ClientID"`
+		ClientSecret         string `json:"ClientSecret,omitempty"`
+		AccessTokenURI       string `json:"AccessTokenURI"`
+		AuthorizationURI     string `json:"AuthorizationURI"`
+		ResourceURI          string `json:"ResourceURI"`
+		RedirectURI          string `json:"RedirectURI"`
+		UserIdentifier       string `json:"UserIdentifier"`
+		Scopes               string `json:"Scopes"`
+		OAuthAutoCreateUsers bool   `json:"OAuthAutoCreateUsers"`
+	}
+
 	// TLSConfiguration represents a TLS configuration
 	TLSConfiguration struct {
 		TLS           bool   `json:"TLS"`
@ -85,6 +98,7 @@ type (
 		BlackListedLabels                  []Pair               `json:"BlackListedLabels"`
 		AuthenticationMethod               AuthenticationMethod `json:"AuthenticationMethod"`
 		LDAPSettings                       LDAPSettings         `json:"LDAPSettings"`
+		OAuthSettings                      OAuthSettings        `json:"OAuthSettings"`
 		AllowBindMountsForRegularUsers     bool                 `json:"AllowBindMountsForRegularUsers"`
 		AllowPrivilegedModeForRegularUsers bool                 `json:"AllowPrivilegedModeForRegularUsers"`
 		SnapshotInterval                   string               `json:"SnapshotInterval"`
@ -748,6 +762,12 @@ type (
 		GetUserGroups(username string, settings *LDAPSettings) ([]string, error)
 	}

+	// OAuthService represents a service used to authenticate users against an authorization server
+	OAuthService interface {
+		GetAccessToken(code string, settings *OAuthSettings) (string, error)
+		GetUsername(token string, settings *OAuthSettings) (string, error)
+	}
+
 	// SwarmStackManager represents a service to manage Swarm stacks
 	SwarmStackManager interface {
 		Login(dockerhub *DockerHub, registries []Registry, endpoint *Endpoint)
@ -833,6 +853,8 @@ const (
 	AuthenticationInternal
 	// AuthenticationLDAP represents the LDAP authentication method (authentication against a LDAP server)
 	AuthenticationLDAP
+	//AuthenticationOAuth represents the OAuth authentication method (authentication against a authorization server)
+	AuthenticationOAuth
 )

 const (