Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-12-26 04:08:49 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
wekan/packages/wekan-oidc
History
viehlieb 263b405fc8 minor changes to README
2022-03-04 18:53:43 +01:00
..
.gitignore Include to Wekan packages directory contents, so that meteor command would build all directly. 2019-04-20 15:18:33 +03:00
LICENSE.txt Include to Wekan packages directory contents, so that meteor command would build all directly. 2019-04-20 15:18:33 +03:00
loginHandler.js add README and functionality for more control through oidc - create teams/orgs if not exist and addto user - make user admin when flag is set 2022-03-04 18:29:29 +01:00
oidc_client.js Fix Google SSO to access Wekan has not been working 2021-06-11 13:08:23 +03:00
oidc_configure.html Include to Wekan packages directory contents, so that meteor command would build all directly. 2019-04-20 15:18:33 +03:00
oidc_configure.js Include to Wekan packages directory contents, so that meteor command would build all directly. 2019-04-20 15:18:33 +03:00
oidc_server.js add README and functionality for more control through oidc - create teams/orgs if not exist and addto user - make user admin when flag is set 2022-03-04 18:29:29 +01:00
package.js add functionality for oidc login to change MongoDB data for email, fullname, username, user.teams 2022-02-23 15:09:03 +01:00
README.md minor changes to README 2022-03-04 18:53:43 +01:00

README.md

salleman:oidc package

A Meteor implementation of OpenID Connect Login flow

Usage and Documentation

Look at the salleman:accounts-oidc package for the documentation about using OpenID Connect with Meteor.

Usage with e.g. authentik for updating users via oidc

To use the following features set: 'export PROPAGATE_OIDC_DATA=true'

SIMPLE: If user is assigned to 'group in authentik' it will be automatically assigned to corresponding team in wekan if exists

ADVANCED: Users can be assigned to teams or organisations via oidc on login. Teams and organisations that do not exist in wekan, yet, will be created, when specified. Admin privileges for wekan through a specific group can be set via Oidc. See example below:

  1. Specify scope in authentik for what will be delivered via userinfo["wekanGroups"]
Possible configuration for *yourScope*:
'
groupsDict = {"wekanGroups": []}
for group in request.user.ak_groups.all():
  groupDict = {"displayName": group.name}
  groupAdmin = {"isAdmin": group.isAdmin}
  groupAttributes = group.attributes
  tmp_dict= groupDict | groupAttributes | groupAdmin

  groupsDict["wekanGroups"].append(tmp_dict)
return groupsDict
'

  1. Tell provider to include yourScope and set OAUTH2_REQUEST_PERMISSIONS="openid profile email yourScope"

  2. In your group settings in authentik add attributes: desc: groupDesc // default group.name isAdmin: true // default false website: groupWebsite // default group.name isActive: true // default false shortName: groupShortname // default group.name forceCreate: true // default false isOrganisation: true // default false

  3. On next login user will be added to either newly created group/organization or to already existing

NOTE: orgs & teams won't be updated if they already exist.